Re: [vox-tech] dsl ideas

[Gabriel Rosa <groMAPSsa@ucdavis.edu>]

On Sun, 3 Dec 2000, Ted Deppner wrote:

> 
> Cisco calls these things "VLANs", or Virtual LANs.  If you really have a
> switch capable of VLANs you have a $1000 switch... if it didn't cost that
> much you may not have VLANs, and therefore no real guarantee that your
> packets will route through your router box between the two VLANs.
> 

Yes, our router does vlans, it's also a 10/100 :)
I believe I said it was manageable.

and you're making the mistake of assuming that i paid for it :P

> > would simply connect to the other vlan on the switch (however many ports for
> > internal use) and the other machines would all be there.
> 
> Routers route... you don't want it to "bridge".  I'll assuming you
> misspoke.

Right, I'm refering to the fact that traffic from the outside would be routed
to the internal network and vice-versa :) my mistake. Bridging would imply 2
separate media, iirc.

> It would work, and many people do it that way... however, if you want
> protection from that nasty DSL line and all the internet, you may consider
> putting the DSL into your router directly on it's own NIC (with a
> crossover type cable), then your two lans (public server lan and private
> MASQuerade/NAT LAN) each on their own NIC for increased security.  This
> would be a total of three NICs in your router.
> 

This seems too cumbersome, imho. And i'd hate to have my whole network go down
just because my router died.

One of my ideas is to have a second router as a backup (our primary router
does http, ftp and some other stuff) just to do nat, and maybe have the
clients switch routers after some timeout. Just an idea :P

> Otherwise, using the method you outlined, each of your publically
> available servers would need to have it's own firewall type configuration,
> and you'd be more at risk.
> 

yes, i'm aware of the security issues, but since i don't know what to do with
those extra 4 ips yet, i'm just thinking up architectural ideas :)

-Gabriel