
Security question: Can one PC be on both sides of a firewall?

  • 27-11-2003 12:12am
    #1
    Registered Users Posts: 1,067 ✭✭✭


    Here's the situation. I have a Linux box set up as a bridge between my DSL connection and an ethernet connection. This connects via crossover to the firewall, which handles the PPPoE side of things. After that, we're on my LAN. So far so good - all's working as it should be.

    The thing is, the bridge only uses a few percent of the box's capacity, so I had this (probably unworkable) idea of sticking another NIC and hard drive into it, connecting this NIC to my LAN, and using the same box as a bridge outside the firewall, and a file server inside the firewall, at the same time. Before anyone shouts "B****cks!" I should mention that the bridge has no IP addresses assigned to it - it operates at MAC level only, so therefore can't be portscanned etc - right? The additional NIC would get a DHCP IP address inside the firewall, so it should be safe too - right?

    I would not be disappointed if anyone proved me wrong - I'd just like to hear any reactions, particularly from anyone who might have done this kind of stuff before.
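
An added example, not part of the original post: a check that the outside-the-firewall side of such a box really has no layer-3 addresses, including an IPv6 link-local address that the kernel can assign automatically when an interface comes up. The interface names (br0 for the bridge, eth0/eth1 for its ports, eth2 for the LAN-side NIC) and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Interface names are assumptions: br0 = bridge,
# eth0/eth1 = bridge ports outside the firewall, eth2 = LAN-side NIC.

# Read `ip -o addr show` output on stdin and list every IPv4/IPv6
# address bound to an interface named in $1 (space-separated list).
# Prints "ifname family address/prefix" per finding.
# Exit status: 0 if the named interfaces carry no address, 1 otherwise.
outside_l3_exposure() {
    awk -v outside="$1" '
        BEGIN {
            n = split(outside, names, " ")
            for (i = 1; i <= n; i++) want[names[i]] = 1
        }
        # -o format: "<index>: <ifname> <family> <addr/prefix> ..."
        ($2 in want) && ($3 == "inet" || $3 == "inet6") {
            print $2, $3, $4
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample of `ip -o addr show` output: the bridge has no IPv4
# address, but br0 still carries an IPv6 link-local address.
sample_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: br0    inet6 fe80::2a0:c9ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
5: eth2    inet 192.168.1.50/24 brd 192.168.1.255 scope global dynamic eth2\       valid_lft 3000sec preferred_lft 3000sec
EOF
}

# Demonstration on the constructed sample. On the box itself:
#   ip -o addr show | outside_l3_exposure "br0 eth0 eth1"
if ! sample_output | outside_l3_exposure "br0 eth0 eth1"; then
    echo "outside segment has layer-3 addresses" >&2
fi
```

Any line it prints is an address through which the host can be reached from the untrusted segment, so services on the box would need to bind only to the LAN-side address.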


Comments

  • Registered Users Posts: 785 ✭✭✭zenith


    Eh, can't comment on the Linux specifics re interaction with the bridge, but a box can certainly have multiple NICs and they can be on different subnets. No particular bother.

    So, yes. Definitely maybe.

    Why don't you get the Linux box to act as a router for the rest of your network, and avoid the bridging altogether by just using Shorewall as a firewall on it? One NIC talks to the Internet, the other talks to the LAN, and Shorewall does the sorting. It then routes the internet traffic in, fine, and can also be a fileserver.

    Or was I missing something esoteric about your setup with the bridge?


  • Registered Users Posts: 1,067 ✭✭✭tomk


    This particular setup came about because I had decided to use Smoothwall, on the basis that they were introducing support for my ADSL PCI card. However, they didn't mention that they were only supporting it for PPPoA connections, not PPPoE. When I got them to admit that this was indeed the case, I was originally going to look for an alternative firewall, but I had also been reading up a bit about bridging, so I thought I'd see if I could do it - a Linux learning experience, something I'm always up for. I had an old Pentium 166 to try it on, and I was dead chuffed when everything worked out. Also, Smoothwall has grown on me, and they say they will get around to PPPoE in the spring.

    Thanks for your input, zenith. My original question is now irrelevant, as in the meantime, I have acquired a spare PIII from work, so that will do nicely as a server of various sorts.

