SpaceTom n00b
Joined: 24 Mar 2004 Posts: 27 Location: Germany, USA
Posted: Mon Nov 29, 2004 6:41 pm Post subject: bridge vs masquerade
I need some opinions on this...
My ADSL router is getting a wireless LAN card to solve the wiring problem in my apartment. The router will have - in the near future - 3 network devices. One with the public IP address for the internet and 2 cards for the local network (one wireless, one ordinary).
What is the best way to go: bridge or masquerade...
Creating a bridge with a local internal IP, connecting both internal cards to the bridge and making the bridge known to the firewall
OR
Both cards get an IP address (in different subnets) and I work with 3 firewall zones.
Any comments are welcome.
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Mon Nov 29, 2004 6:58 pm
Configuring a firewall for 3 interfaces isn't much more work than for 2.
You don't (ever, please) "make an interface known" to a firewall - you set up iptables rules to regulate the traffic in and out of the interfaces.
Using a bridge simply means one extra layer of networking, and - since one of these interfaces is wireless - extra security where it is not needed.
I'd separate them and apply serious L2 and L3 security to the wireless interface; you can relax it for the wired subnet.
EDIT: okay, a quick plug: throw out whatever's on the router now and get ipcop.
It has support for up to four zones: internal, external, WiFi and a DMZ.
It's plug and play - install and forget.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
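The three-zone setup recommended in the reply above, sketched as an added example that is not part of either post: a shell function that prints an `iptables-restore` ruleset with masquerading for both internal subnets, a trusted wired zone and a restricted wireless zone. The interface names (`ppp0`, `eth1`, `wlan0`), the two subnets and the choice of which flows to allow are assumptions.

```shell
#!/bin/sh
# Added example: prints a ruleset, applies nothing by itself.
# Interface names and subnets are assumptions, not values from the thread.
gen_ruleset() {
    wan=$1 lan=$2 wlan=$3
    lan_net=${4:-192.168.1.0/24}
    wlan_net=${5:-192.168.2.0/24}
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Both internal subnets share the single public address.
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
-A POSTROUTING -o $wan -s $wlan_net -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Wired zone: trusted, may reach services on the router itself.
-A INPUT -i $lan -s $lan_net -j ACCEPT
# Wireless zone: only DHCP and DNS on the router, nothing else.
-A INPUT -i $wlan -p udp --dport 67 -j ACCEPT
-A INPUT -i $wlan -s $wlan_net -p udp --dport 53 -j ACCEPT
-A INPUT -i $wlan -s $wlan_net -p tcp --dport 53 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Source checks per interface reject spoofed addresses from either zone.
-A FORWARD -i $lan -s $lan_net -o $wan -j ACCEPT
-A FORWARD -i $lan -s $lan_net -o $wlan -j ACCEPT
-A FORWARD -i $wlan -s $wlan_net -o $wan -j ACCEPT
# No rule lets wireless open connections to wired: log, then policy DROP.
-A FORWARD -i $wlan -o $lan -j LOG --log-prefix "wlan->lan drop: "
COMMIT
EOF
}
```

Review the output first, then load it as root with `gen_ruleset ppp0 eth1 wlan0 | iptables-restore`.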