----- Original Message ----- > From: "Brandon Martin" <lists.na...@monmotha.net>
> As to why people wouldn't put them behind dedicated firewalls, imagine > something like a single-server colo scenario. Most such providers don't > offer any form of lights-out management aside from maybe remote reboot > (power-cycle) nor do they offer any form of protected/secondary network > to their customers. So, if you want to save yourself from a trip, you > chuck the thing raw on a public IP and hope you configured it right. Well, *I* would firewall eth1 from eth0 and cross-over eth1 to the ILO jack; let the box be the firewall. Sure, it's still as breakable as the box proper, but security-by-obscurity isn't *bad*, it's just *not good enough*. It's another layer of tape. Whether it's teflon or Gorilla is up to you. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274