All of lore.kernel.org
 help / color / mirror / Atom feed
From: Mike Fedyk <mfedyk@matchmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Balancing ip traffic over two or more internet (adsl) connections
Date: Fri, 16 Mar 2001 19:52:26 +0000	[thread overview]
Message-ID: <marc-lartc-98477237618078@msgid-missing> (raw)
In-Reply-To: <marc-lartc-98465591406063@msgid-missing>

On Fri, Mar 16, 2001 at 08:10:08PM +0100, RoMaN SoFt / LLFB !! wrote:
> On Fri, 16 Mar 2001 10:32:52 -0800, you wrote:
> 
> >I would find an old pci machine, and use that as the "equalizing" machine.
> >You can have the proxy behind that, and have the eq box send the connections
> >needing proxying to the squid box.
> >
> >Are you using the eq box as a firewall too?  Under best conditions, the only
> >open service on the firewall would be ssh or none.
> 
>  This is a bit paranoid for a little LAN: almost all our employers
> have few computer skills and the ones with some "computers' control"
> are totally trusted. The untrusted world is out of the LAN, where
> proxy service will be hidden (filtered). In addition both outgoing
> routers are performing NAT so inherently we've got some extra
> protection (it is virtually impossible to establish a connection from
> out of the LAN into it).
> 
>  Summarizing: although running a proxy, it should not be seen from the
> outside.
> 
>  By the way, your statement is very well known and generally it should
> be taken into account if possible.
> 
I understand everything you're saying, I've setup a firewall/mailserver/file
server/monitoring station/trans proxy/masq in several places, but you will
have a LOT fewer headaches if you keep your firewall seperate from
everything else.

I'm working on creating a DMZ perimiter network and putting the actual
network behind two firewalls.  Anything where you have anything as critical
as needing multiple links to the internet should be setup this way.

I will have a lot fewer layers of complication once I seperate my firewall
from the rest... not to say it's impossible.

You also have fewer places that need constant updating, since I can't take
my file server down as often as I'd like to be able to install the latest
kernel for firewalling...

Mike

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

  parent reply	other threads:[~2001-03-16 19:52 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-03-15 11:33 [LARTC] Balancing ip traffic over two or more internet (adsl) connections RoMaN SoFt / LLFB!!
2001-03-15 11:48 ` [LARTC] Balancing ip traffic over two or more internet (adsl) Arthur van Leeuwen
2001-03-15 15:44 ` [LARTC] Balancing ip traffic over two or more internet (adsl) connections RoMaN SoFt / LLFB!!
2001-03-15 16:56 ` [LARTC] Balancing ip traffic over two or more internet (adsl) Arthur van Leeuwen
2001-03-16 10:16 ` [LARTC] Balancing ip traffic over two or more internet (adsl) connections RoMaN SoFt / LLFB!!
2001-03-16 10:41 ` [LARTC] Balancing ip traffic over two or more internet (adsl) Arthur van Leeuwen
2001-03-16 11:52 ` [LARTC] Balancing ip traffic over two or more internet (adsl) connections RoMaN SoFt / LLFB!!
2001-03-16 12:41 ` [LARTC] Balancing ip traffic over two or more internet (adsl) Arthur van Leeuwen
2001-03-16 18:25 ` [LARTC] Balancing ip traffic over two or more internet (adsl) connections RoMaN SoFt / LLFB!!
2001-03-16 18:32 ` Mike Fedyk
2001-03-16 19:10 ` RoMaN SoFt / LLFB!!
2001-03-16 19:52 ` Mike Fedyk [this message]
2001-03-17 12:56 ` [LARTC] Balancing ip traffic over two or more internet (adsl) Arthur van Leeuwen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-98477237618078@msgid-missing \
    --to=mfedyk@matchmail.com \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.