> aragonx@xxxxxxxxxx wrote: > >>>My means : >>>The Server machine is not DMZ, so can it use Private IP only ? >>> >>> >> >>Your only limitation is that a machine can NOT use an address in the >>private IP range to communicate DIRECTLY to the Internet. >> >> > Sorry, pardon me ! I did not mean to sound like I was yelling. I simply used the capitals to emphasize. :) >>If you have a router (be it hardware or software) to map your traffic to >> a >>public IP, you can use either. >> >> > The router machine is a general router machine which provided by ISP, so > it can't to be configed with firewall function ( only routed / routing > function )... Another poster suggested you go and install surewall. I would not suggest you do that! Not without some thought and planning anyway. You would want a good understanding of what that package is and how it can help you. Putting another router that is totally under your control between your network and your ISPs is a good idea though. Give a lot of thought to your network design and what you want to do with it. Do some reading on DMZs and what they are intended to do. You really want to allow the minimum amount of incoming (and to a slightly lesser degree outgoing) traffic while still allowing your users to perform their functions. Here are a few sites to get you started: http://tldp.org/HOWTO/Security-HOWTO/index.html http://www.netfilter.org/ http://www.linuxsecurity.com/ I hope this all makes sense without being too basic. Security is an important topic. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
