Re: Servidor com 2 acessos a Internet
From: David Z Maze (dmaze_at_debian.org)
To: email@example.com Date: Wed, 26 Nov 2003 12:25:11 -0500
"bannack" <firstname.lastname@example.org> writes:
> I work in a company who has a NT net with a firewall closing a lot
> of ports, ips and key words, with a 2Mbps link to the Internet.
> I have inside this company a DSL channel to tests, that is
> disconnect from the main net, and is connect just to one alone
> I have a computer with debian, connected to the NT net and
> configured to access with ssh.
> I'd like to connect the DSL channel to this debian computer but only
> acces the Internet with the DSL channel, and not permiting to no
> other computer use this ADSL. And I'd like to connect to this debian
> using ssh and export the display to my terminal and access all the
> Am I a crazy, or is it possible to do?
It's *possible*, yeah: you'd set up two NICs on your machine, and set
the default route to the DSL channel. If you didn't enable IP
forwarding (which is the default) then packets wouldn't be routed
between one and the other.
> And what about the security in this case?
Computer security, or job security? This sort of setup is the classic
way things like railroad signals and power plants get taken down by
Windows viruses ("we thought we had a secure network but an employee
had an outside channel and so things crossed over"). If I was
corporate IT and discovered you had this sort of setup, I'd be more
than a bit upset.
But otherwise, assuming the "Debian server" box is secure, this setup
should also be reasonably secure. You might make sure that, if there
are services you only want visible on one side or the other, either
the service is set to listen only on one side or you have firewall
rules blocking it from the other.
-- David Maze email@example.com http://people.debian.org/~dmaze/ "Theoretical politics is interesting. Politicking should be illegal." -- Abra Mitchell -- To UNSUBSCRIBE, email to firstname.lastname@example.org with a subject of "unsubscribe". Trouble? Contact email@example.com