[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Jul 2005 ]

Re: [edlug] Network configuration question

To: EdLUG List <edlug@xxx.xxx.xxx>
Subject: Re: [edlug] Network configuration question
From: Michael Calwell <zen54131@xxx.xxx.xxx>
Date: Sun, 10 Jul 2005 13:47:59 +0100
In-reply-to: <42D117F5.8070905@xxx.xxx.xxx>
List-post: <mailto:edlug@xxx.xxx.xxx>
List-subscribe: <mailto:edlug-request@xxx.xxx.xxx>
List-unsubscribe: <mailto:edlug-request@xxx.xxx.xxx>
References: <42D117F5.8070905@xxx.xxx.xxx>
Sender: owner-edlug@xxx.xxx.xxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Debian/1.7.8-1

Stuart Carter wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK, time to pick the brains of EdLUG ;-)


Assumptions:
1. Having multiple machines doing the same job is Not An Issue (supply
of spare computers that can be repurposed).
2. The network OS will be FLOSS.
3. The physical network infrastructure is CAT5/6 cable (no wireless,
thankyouverymuch!)


Requirements:
A. "Green" LAN is the default LAN - this provides no access to the internet.
B. "Red" LAN is not default - to get on it, one must utter the
appropriate incantations, or must physically plug the network cable into
a different switch. The red LAN provides internet access.

(If you want to think of it in practical real-world terms - the green
LAN is running Windows, and the red LAN is *not*! Hence wanting to make
sure that there is no internet access on the green LAN!)


Possible solutions:
1A. Air gap the two LANS - one server provides green LAN (say, on
192.168 IP range), one server provides red LAN (172.16), each LAN on its
own physically seperate infrastructure (probably, which switch is it
plugged in to).

2A. Firewall off the green LAN from the red LAN in software.

Any data transfer between the two LANs would have to be done using
physical media - CD, DVD, USB stick....

What do people think? How would you implement this infrastructure?

Thanks,


Stuart
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC0Rf1QUXxZnrs2/ARApJnAJ4115jBn1lpUY21ekaZUKUX6CDRhACfTmg7
WyisAdAJ+0WFjia7yvEVWjQ=
=zVsM
-----END PGP SIGNATURE-----
-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html

What is the rationale behind this system? Couldn't you could share data between systems via samba, without requiring all machines to have internet access, and control internet access via squid or some other proxy software, preventing your windows machines from seeing internet?

-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html

Follow-Ups:
- Re: [edlug] Network configuration question
  - From: Stuart Carter

References:
- [edlug] Network configuration question
  - From: Stuart Carter

Prev by Date: Re: [edlug] Network configuration question
Next by Date: Re: [edlug] Network configuration question
Previous by thread: Re: [edlug] Network configuration question
Next by thread: Re: [edlug] Network configuration question
Index(es):
- Main
- Thread

Morpheux

This archive is kept by wibble+RM@xxx.xxx.xxx
Morpheux

HomePage