From: Sanjay Arora <skpobox@yahoo.com>
To: linux-net@vger.kernel.org
Cc: linux-newbie@vger.kernel.org
Subject: Linux Networking problem...please help..
Date: Mon, 14 Jul 2003 00:11:21 +0530 [thread overview]
Message-ID: <5.1.1.6.0.20030713233516.00b45080@hotmail.com> (raw)
Network Scenario: RH 8 Linux Firewall Server using three ethernet cards,
IPs 172.16.0.141 (connected to Cable Ethernet ISP doing NAT), 192.168.200.1
connected to an ethernet hub, & 192.168.100.1 (presently not being used).
Using a hub two lans are connected to 192.168.200.1, each presently having
one machine each having IP addresses 192.168.200.2 (Windows XP machine,
having Gateway address of 192.168.200.1 in TCP/IP settings) and
192.168.250.1 (RH8 Linux Server, again having 192.168.200.1 as GW address).
1. When I ftp from 192.168.200.2 (WinXP) to 192.168.250.1 (RH Linux File
Server), the firewall shows an error message saying that WinXP machine is
ignoring redirects to 192.168.250.1 The transfer speed is also around 3.5
MB instead of full 10 MB which I get between the two Linux Servers. What's
the reason? What do I do to correct this behaviour?
2. The RH fileserver machine is very underutilized. I am thinking of
putting another ethernet card in it and connect is to the cable ISP and
Firewall server using a hub. I plan to put a firewall on the new
ethernet/IP address denying all outgoing packets and put a sniffer on it.
What are the security implications of this? Mind the IP that sniffer is
running on is denying all outgoing traffic and dropping all incoming
traffic and providing no services at all. On the other hand the machine is
inside the firewall.... a compromise here would provide direct access to
all local network resources. Is a compromise possible on an IP that denies
all traffic inbound and outbound? Should I waste one machine for this task
on my proposed small network (less than 20 machines)?
With thanks in advance ;-))
Sanjay.
next reply other threads:[~2003-07-13 18:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-13 18:41 Sanjay Arora [this message]
2003-07-13 21:52 ` Linux Networking problem...please help Ray Olszewski
2003-07-14 2:41 ` Glynn Clements
[not found] <3F1332FC.8080903@bcgreen.com>
2003-07-16 12:20 ` Sanjay Arora
2003-07-16 14:06 ` Ray Olszewski
2003-07-16 15:00 ` Sven Schuster
2003-07-16 15:16 ` Sven Schuster
2003-07-17 15:09 ` Liam Helmer
2003-07-16 17:45 beolach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5.1.1.6.0.20030713233516.00b45080@hotmail.com \
--to=skpobox@yahoo.com \
--cc=linux-net@vger.kernel.org \
--cc=linux-newbie@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.