Re: Secure server
on 19.12.2006 06:12:22 by roberson
In article <1166501293.855436.116750@73g2000cwn.googlegroups.com>,
mk wrote:
>I have a network with firewall.
>My internal workstations have access to Internet.
>I would like to add a server on the internal network which should not
>have an access to Internet.
>Only internal computers should have access to this server.
>Do I need to set up a second firewall?
Most firewalls are able to do the appropriate blocking (supposing
that the server does not "spoof" the address of a different machine.)
Re: Secure server
on 22.12.2006 01:14:42 by c0rn_phlex
hmm,
well, I think you should apply an extended access-list if you have a
Cisco router/firewall. Another solution is not to define the default
gateway on your server and it won't reach the Internet.
On Dec 19, 9:12 am, rober...@hushmail.com (Walter Roberson) wrote:
> In article <1166501293.855436.116...@73g2000cwn.googlegroups.com>,
>
> mk wrote:
> >I have a network with firewall.
> >My internal workstations have access to Internet.
> >I would like to add a server on the internal network which should not
> >have an access to Internet.
> >Only internal computers should have access to this server.
> >Do I need to set up a second firewall?
> Most firewalls are able to do the appropriate blocking (supposing
> that the server does not "spoof" the address of a different machine.)
Re: Secure server
on 22.12.2006 18:33:56 by mk
I would like to fully isolate server from Internet (both ways).
I am using a Linux box as a firewall.
Maybe third NIC will solve my problem.
My current setup includes 3 networks (one is physically
isolated from Internet).
This works well but each user has two computers (one with connection
to Internet (behind firewall) and second one connected only to separate
internal server (without Internet)).
Ideally I would like to have just one workstation per user
(with connection to Internet and secure server) but I cannot sacrifice
security of my internal server.
c0rn_phlex wrote:
> hmm,
>
> well, I think you should apply an extended access-list if you have a
> Cisco router/firewall. Another solution is not to define the default
> gateway on your server and it won't reach the Internet.
>
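The third-NIC layout mk mentions, sketched as FORWARD rules for a Linux firewall. This is an added example, not posted by anyone in the thread. The interface names, subnets and port list are assumed placeholders. The rules match on the interface, so a server that spoofs another machine's address (the caveat raised in the first reply) still cannot be forwarded to the Internet.

```shell
#!/bin/sh
# Added example: all interface names, subnets and ports are assumptions.
WAN_IF=${WAN_IF:-eth0}            # towards the Internet
LAN_IF=${LAN_IF:-eth1}            # workstations
SRV_IF=${SRV_IF:-eth2}            # third NIC: the isolated server
LAN_NET=${LAN_NET:-192.168.1.0/24}
SRV_NET=${SRV_NET:-192.168.2.0/24}
SRV_PORTS=${SRV_PORTS:-22,443}    # services workstations may reach

# Print the iptables commands for review; nothing is applied here.
gen_rules() {
    cat <<EOF
# Default deny: only what is listed below is forwarded.
iptables -P FORWARD DROP
iptables -F FORWARD
# Isolation both ways, bound to the NIC rather than the source address.
iptables -A FORWARD -i $SRV_IF -o $WAN_IF -j DROP
iptables -A FORWARD -i $WAN_IF -o $SRV_IF -j DROP
# Anti-spoofing: each segment may only use its own source range.
iptables -A FORWARD -i $SRV_IF ! -s $SRV_NET -j DROP
iptables -A FORWARD -i $LAN_IF ! -s $LAN_NET -j DROP
# Replies to connections that were allowed below.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Workstations may open connections to the server on the listed ports.
iptables -A FORWARD -i $LAN_IF -o $SRV_IF -s $LAN_NET -d $SRV_NET -p tcp -m multiport --dports $SRV_PORTS -m conntrack --ctstate NEW -j ACCEPT
# Workstations keep their Internet access.
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
EOF
}

gen_rules
```

The output can be reviewed and then run as root on the firewall. No rule lets the server open a connection of its own, so it can only answer workstations that contacted it.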