On Thu, Apr 30, 2009 at 12:49:05PM +0100 or so it is rumoured hereabouts,
Conor Wynne thought:
> Frank Murphy (Frankly3D) wrote:
> > On 30/04/09 11:13, Conor Daly wrote:
> >> I use a separate internet-facing mail server at home in a de-militarised
> >> zone (DMZ) off the firewall rather than allowing a connection directly
> >> into my home server from the net.
> > There is a dmz setting in the netgear
This is of no use (I think) unless it routes to a separate ethernet port which is
not allowed access to the LAN.
> > Email gets from that into the home
> >> network by pull rather than push so the internet-facing server has no
> >> way
> >> of getting into the home network by itself.
> > and this is secure\safe
> There is no such thing as secure\safe on an internet facing machine.
> Everything can be hacked given enough time.
> A DMZ will provide some security, but if hacked, then your foobarred.
> The attacker no longer even requires making inbound connections,
How do you mean? In my case, the firewall allows no connections from DMZ
to LAN. Any traffic between them originates from within the LAN. If my
DMZ machine is cracked, it will suffer but my LAN shouldn't.
Conor Daly <conor.daly at cod.homelinux.org>
-----BEGIN GEEK CODE BLOCK-----
GCS/G/S/O d+(-) s:+ a+ C++(+) UL++++ US++ P>++ L+++>++++ E--- W++ !N
PS+ PE Y+ PGP? tv(-) b+++(+) G e+++(*) h-- r+++ z++++
------END GEEK CODE BLOCK------
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!