I'm looking at making my network like so:
Code:
The Net
|
|
ADSL Modem
|
|
eth0: IP DHCP Assigned by ISP
|
|
Firewall (OS: OpenBSD)--eth1: IP 10.0.0.1-------Web Server: IP: 10.0.0.2 (OS: Debian)
|
|
eth2: IP: 192.162.0.1
|
|
Switch to workstations
Now hopefully this turns out alright and you can understand it...lol.
Now, with these green, orange and red DMZ things you can set up with smoothwall and stuff, how could I do that with this...
I want it to do this: The webserver cannot talk to my internal LAN, it can only talk to my firewall, but the LAN can talk to the web server and view pages, etc...and I put it on a different IP range because it seems more secure, idk why, it just 'seems' to be more secure to me...hehe...
The way I designed it like this is: if my webserver (apache or whatever) gets compromised, it won't be able to view shares, ping, talk or anything to my internal LAN computers, only the firewall so the hacker would then need to try and compromise the firewall (have fun with OpenBSD biatches) before they can even get near my LAN...
Now, is it all possible? How would I keep that webserver from talking to my LAN, etc...
Thanks guys
EDIT: Btw, to move my hardware around to get max performance...
I have about 4 computers on the LAN needing net access and webserver access...I have an AMD K6-2 350 and a 686 PR233 (Is this a Pentium 233???)....Now, what would need the most CPU, the firewall or webserver? The webserver isn't going to be viewed all the time, only occasionally, whereas the firewall will be used all the time...
RAM isn't an issue, I'll just chuck whatever needs more in them (I'm thinking 128 in the webserver and 64 in the firewall...) as both machines can take SD-Ram...
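
The policy asked for above (LAN may reach the web server, the web server may reach only the firewall), written as a pf.conf sketch; this is an added example, not part of the original post. It assumes the nat-to/rdr-to syntax of OpenBSD 4.7 and later, hypothetical interface names fxp0/fxp1/fxp2 standing in for eth0/eth1/eth2, and a public site on port 80.

```pf
# Constructed example. Interface names are assumptions: OpenBSD names NICs
# after their driver, so eth0/eth1/eth2 from the diagram become e.g. fxp0-2.
ext_if = "fxp0"        # eth0: DHCP address from the ISP
dmz_if = "fxp1"        # eth1: 10.0.0.1, web server segment
lan_if = "fxp2"        # eth2: switch to the workstations
web    = "10.0.0.2"    # Debian web server

set skip on lo

# Default deny in both directions on every interface, with logging.
block log all

# NAT LAN and DMZ sources to whatever address the ISP hands out.
match out on $ext_if inet from { $lan_if:network, $dmz_if:network } to any nat-to ($ext_if)

# Filtering is done where a packet enters the firewall, so anything that
# was allowed in (or that the firewall itself originates) may leave.
pass out

# Internet -> web server: HTTP only (assumption: the site is public on 80).
pass in on $ext_if inet proto tcp from any to ($ext_if) port 80 rdr-to $web

# LAN -> web server and LAN -> Internet. Replies come back through the
# state these connections create, so the DMZ needs no rule toward the LAN.
pass in on $lan_if inet from $lan_if:network to any

# DMZ -> firewall: the web server may ping the firewall's DMZ address.
# No other "pass in on $dmz_if" exists, so it cannot open connections
# to the LAN or to the Internet on its own.
pass in on $dmz_if inet proto icmp from $web to ($dmz_if) icmp-type echoreq

# Explicit guard: "quick" makes this win over any non-quick pass rule
# added later, and the log entry flags a DMZ host probing the LAN.
block in log quick on $dmz_if from any to $lan_if:network
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset goes live.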