Network Cards and access

Discussion in 'Installation/Configuration' started by mphayesuk, Feb 24, 2006.

  1. mphayesuk

    mphayesuk Member HowtoForge Supporter

    Ok What I am doing is using my suse 10 64bit box for ispconfig and at the moment I have 3 network cards in. I plan on having two for public use and one for my private lan.

    1) What are the risks with having this configuration
    2) Is there a way to protect my internal network from being accesed through the public cards.

    I plan on not having root access through ssh but another admin style account, if this makes any difference.

  2. ryoken

    ryoken New Member

    could you please expand your definition of "public use"? do you mean one NIC is connected to the WAN (the big bad internet), the other NIC connects to the DMZ, and the final one to the private LAN? an ascii diagram of your network topology would not go astray here ;)

    if my assumptions above are correct, then 1) there will always be risks involved 2) but this can be minimised by using a correctly configured firewall AND making sure all daemons on that server are listening on the correct interface. misconfiguration will make your linux server far more vulnerable than any windows desktop! :eek:
    Last edited: Feb 25, 2006
  3. mphayesuk

    mphayesuk Member HowtoForge Supporter

    Network Config

    | Modem/Router | -- public addresses x 8
    | |
    | |
    | |
    | |--------------------------- Linux Server
    |-----------| |-- 2 nics with public addresses
    | Router | 1 nic linked to internal network
    |_______| switch
    | |
    | network switch |-------------------------------
    Internal Network
    Windows boxes

    Hope this helps with what I am talking about
  4. ryoken

    ryoken New Member

    well based on your diagram, i'd say you will have to configure your 2nd router to use ip/port filters (not the modem/router) to block all inbound external traffic except what is only essential (e.g. http, ftp, and maybe ssh). likewise, all outbound external traffic should be screened for maximum security (again, only allow certain protocols). most basic routers should have a ip/port filter feature for u to customise.

    hope this helps...

Share This Page