Greetings,
Perhaps my verbiage wasn't quite on the mark. Given the situation, this is
a very fine solution. Linux has proven to be very secure given it's nature
and if you know what you are doing, this is probably the best route and
quite secure indeed.. Ideally you would like to have multiple IP's and
multiple machines doing the various different tasks, but this is out of
scope of the original Email, which I should have noted when I said it was
'by no means a good way to do things'.
-Ethan
-----Original Message-----
From: Clay Wells [mailto:cwells@geoplan.ufl.edu]
Sent: Tuesday, February 22, 2005 4:07 PM
To: Ethan
Cc: firewalls@securityfocus.com; 'Kelvin Tarver'
Subject: RE: Single public IP address
hello everyone,
Sure it is.. Certainly not recommended, but possible: Grab a linux box
with a couple nic's.. Setup ip forwarding, a vpn package, and port
forward
80 & 443 to a specific internal ip. By no means is this a good way to do
things, but you can if you want.
-Ethan
ethan,
since we are taking about a linux box i am VERY curious as to why you think
the above situation is 'by no means a good way to do thing'? what's wrong
with a linux firewall (using iptables) and port forwarding? what would you
recommend?
cheers,
clay
-----Original Message-----
From: Kelvin Tarver [mailto:ktarver@fitnc.com]
Sent: Thursday, February 17, 2005 4:36 AM
To: firewalls@securityfocus.com
Subject: Single public ip address
Is there a way to have a single ip address do the following:
1)Function as the outside interface of a firewall.
2)Use that same public ip address, and outside interface to function as a
vpn server.
3) Have the same public ip address PAT to a public web Server on the dmz.
The goal is to have the outside interface of a firewall, vpn server, and a
public webserver to share the one public ip address.
Is this possible? I'm convienced it isn't possible, but I might be
missing
something. Any insight on this issue would be greatly appreciated.
Thanks.
