[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Building a "reasonable secure" network
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Building a "reasonable secure" network
- From: Frank K Dahl <frank_(_at_)_inout_(_dot_)_no>
- Date: Wed, 21 May 2003 07:48:26 +0200
Got a network at work which i want to sharpen up, as this network also
includes also includes servers I want an DMZ. The Internal computers I
want behind a NAT mainly because of avaible IP-space, so we are
talking a 1-to-many NAT. Just for the record, inside the NAT there is
no servers that will be needed from the outside, so PAT should not be
needed I guess. Bridge will also be used to filter administration by MAC
address, yes I know MAC can be faked, but at least its better than
Note: "Bouth" bridges is the same box, I just wanted to prevent
missunderstanding because of uncorrect formated ASCII..
I only got three questions:
1.) Will this work? I mean, I read WAN--Bridge--NAT does not work,
but seems WAN--Router--Bridge--NAT does. Please correct me if I am
wrogn. And if anyone feel like it, a short explanation would be moust
2.) Is there a smarter way doing it? Something I might missed? As I rather
want a OpenBSD box for Router instead of a hardware one, this means 3
boxes.. any way I might shorten it down without loosing functionality,
assumed this setup really is valid?
3.) I also want to set up a VPN between our two offices. So, again
assumed the setup is valid, and I need thses three boxes, which will be the
best to use as VPN? I assume "Router1" Thinking that I might mess up
the Bridge by adding this to it? Again, please correct me if I am wrogn.
Thanks in advance for any help or gudiance.