>>>>> "Haim" == Haim Ashkenazi <[EMAIL PROTECTED]> writes:
Haim> Hi
Haim> I have a host in my DMZ that has both anonymous ftp and pop3
Haim> ports open (this can't be changed). Since I really don't trust
Haim> this setup, I was thinking about ways to isolate this host so
Haim> no one who breaks into this computer can access other
Haim> computers on the DMZ (although other computers should be able
Haim> to access it). One obvious solution is to create a second DMZ,
Haim> but that would cost me the loss of three IPs, so I'm trying
Haim> to figure out ways to isolate it without putting it in another
Haim> subnet.

Haim> I thought about 2 solutions so far:
Haim> 1. putting iptables on all the other computers in the DMZ.
Haim> 2. connecting this host to another VLAN and setting this
Haim> configuration on the switch (I have to see if that's even
Haim> possible).

3. user-mode-linux (user-mode-linux.sf.net); put each service in a
separate UML with tap interfaces to each UML, with iptables making sure
that anyone breaking the service in a UML can't get out.

Sincerely,

Adrian Phillips

-- 
Your mouse has moved. Windows NT must be restarted for the change to
take effect. Reboot now? [OK]
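As an added illustration of option 1 from the thread (host-based iptables on the other DMZ machines), and not something posted by either Haim or Adrian, the script below generates the rules one neighbour would load: connections the neighbour opens towards the untrusted ftp/pop3 host are allowed back in as ESTABLISHED/RELATED, while any new connection the untrusted host initiates is logged and dropped. The address 192.0.2.10 is a constructed placeholder for the untrusted host, and the chain name UNTRUSTED_IN is an assumption; the rules are emitted as text so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: isolate one untrusted DMZ host from this machine with
# stateful iptables rules. Placeholder address; replace with the real one.
UNTRUSTED="${UNTRUSTED:-192.0.2.10}"   # constructed placeholder
IPT="${IPT:-iptables}"

# Print the rule set for the given untrusted host instead of applying it,
# so the policy can be inspected (and tested) before touching a live box.
isolate_rules() {
    host="$1"
    cat <<EOF
$IPT -N UNTRUSTED_IN
$IPT -A UNTRUSTED_IN -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A UNTRUSTED_IN -m limit --limit 5/min -j LOG --log-prefix "dmz-isolate: "
$IPT -A UNTRUSTED_IN -j DROP
$IPT -I INPUT 1 -s $host -j UNTRUSTED_IN
EOF
}

# Number of rules that would actually block traffic (sanity check helper).
drop_rule_count() {
    isolate_rules "$1" | grep -c -- '-j DROP'
}

# Apply by feeding the generated commands to a shell (requires root).
apply_rules() {
    isolate_rules "$1" | sh
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules "$UNTRUSTED"
else
    isolate_rules "$UNTRUSTED"
fi
```

Run it with no arguments to see the rules for review, or with `--apply` as root on each of the other DMZ hosts. Because the match is `-m state --state ESTABLISHED,RELATED`, the neighbours keep their ability to talk to the ftp/pop3 box (the point Haim raised), while the untrusted host cannot open anything towards them. The limitation to keep in mind is that this only governs IP traffic at each neighbour's own INPUT chain; a separate VLAN or the UML split Adrian suggests isolates at a lower layer and does not depend on every other host being configured correctly.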