Edierley Batista Messias wrote:
>
> Hi Everbody,
>
> I would like to ask a question for you!!!!
>
> I need to build a Firewall on the site http://www.fua.br
> I research for a lot of Firewalls Arquiteture.
> And I found the 'Screened Host' Arquiteture, that is good for us,
> some thing like this:
>
> (**********)
> ( INTERNET )
> (**********)
> |
> |
> ----------
> | ROUTER |
> ----------
> |
> -----
> |HUB|
> -----
> |
> --------------------------------------------------------
> | | | |
> ---------- ---------- -------------- -----------
> |MACHINE1| |MACHINE2| |BASTION HOST| |MACHINE n|
> ---------- ---------- -------------- -----------
>
> My question is:
> Do I need another HUB to separate the Bastion Host,
> from the others machines on the net, to garantee security, to garantee
> that the packets that coming from the router, pass first in the Bastion Host
> and later to the others machines?
>
>
> Thanks for everyone.
>
> ------------------------
> University of Amazonas
> http://www.fua.br
>
> Edierley Messias
> ebm @
dcc .
fua .
br
> ------------------------
If you must have a sreen-router architecture it is better to use another
router (instead of a dual-homed bastion host) that has more restrictive
sreening between bastion host and interior hosts.
rm
rm
References:
|
|
