Hi...

Having a router and plugging 100+ computers directly into the router without
a HUB is NOT going to work :) This will basically bring me back to having a
server with like hundreds of NICs in them, which is physically impossible...

But ta for the info...

Regards,
Chris Knipe
Cell: (083) 430-8151

Natural ability has more often attained to glory and virtue, than education
without natural ability at all.

----- Original Message -----
From: <ksemat@wawa.eahd.or.ug>
To: Chris Knipe <cgknipe@mweb.co.za>
Cc: <linux-net@vger.rutgers.edu>
Sent: Saturday, August 05, 2000 10:44 AM
Subject: Re: Forced Routing?

> I begin to think that maybe instead of a hub you should have a router for
> your network and have all the servers plugged into it and restrict it from
> forwarding packets from one machine to the other. Now I am not very
> knowledgeable in this so I guess the gurus here can say more on this
> issue.
>
> On Sat, 5 Aug 2000, Chris Knipe wrote:
>
> > Date: Sat, 05 Aug 2000 07:04:10 +0200
> > From: Chris Knipe <cgknipe@mweb.co.za>
> > To: linux-net@vger.rutgers.edu
> > Subject: Forced Routing?
> >
> > Hi...
> >
> > I just have a simple question quickly.... (or I hope it will be)...
> >
> > Technically, as I understand it, specifying a default gateway (or a gateway
> > at all) for TCP/IP routing information is irrelevant *IF* the IP addresses
> > are located on the same subnet?? Simple scenario...
> >
> > PC1 <-----> PC2
> >
> > Both are on the same network, 192.168.1.0/255.255.255.224
> >
> > Now, in other words, PC1 and 2 will know of each other only via ARP cache,
> > and thus, will know that they are directly reachable, and thus not use any
> > gateway information specified in a routing table? Well, I might be right, I
> > might be wrong about this, but the question I have, is a bit more
> > complicated...
> >
> > Say for example, I have a bunch of PCs, all on the same network, all routing
> > via one machine (default gateway)... The network can possibly look
> > something like this... (192.168.1.0/255.255.255.224)
> >
> >   PC1    PC2    PC3    PC4
> >     \     |      |     /
> >      \    |      |    /
> >       ------------------
> >               |
> >            GATEWAY
> >
> > The question is simply, how can I firewall PC1, 2, 3 and 4 from EACH OTHER,
> > without subnetting them all. If I subnet it, it firstly would mean that my
> > firewall machine would need hundreds of network cards (which is physically
> > impossible - seeing in practice, I'm literally talking 100+ computers in
> > this farm).... Secondly, data from PC1 directed to PC2 WILL NOT be routed
> > by the FIREWALL machine, but will only be broadcasted back to the
> > destination, because of the features and workings of UTP HUBs, and TCP/IP
> > routing....
> >
> > So how do I get my gateway machine (firewall) to protect the entire server
> > farm from the outside world (this is fairly simple, I just stick a second
> > NIC in it and set the firewall up), but also have the gateway to protect the
> > machines from each other INSIDE the firewall?
> >
> > Why do I want to do this? We plan on setting up a server farm where our
> > customers will be able to rent dedicated servers from us for their own
> > personal use. Due to the security involved, we need to have all the servers
> > in the same server farm, as well as have firewall protection for every
> > machine in the farm from each other. The firewall rules are not that
> > important at the moment, because of the fact that the farm will more than
> > likely all be protected by the same rules, as I stated however, the problem
> > lies in the matter at which we can go about to implement these rules
> > INTERNALLY between the servers in the farm.
> >
> > As far as I know, it is impossible to do. UTP Hubs broadcast all the
> > information received on a port, to all the other ports connected to the same
> > hub. Therefore, all the machines on the same hub, will receive the
> > information. On the other hand, there are a few places doing things like
> > this already, which means that technically, it MUST be possible...
> >
> > Can one way of doing this perhaps be in the configuration and layout of the
> > physical network (hubs, switches, and cables), perhaps in something like the
> > following scenario....
> >
> >   SERVER   SERVER   SERVER
> >     |        |        |
> >    HUB      HUB      HUB
> >     |        |        |
> >    ------------------------
> >               |
> >            SWITCH
> >               |
> >            GATEWAY
> >
> > Or will this scenario also allow communications to take place between the
> > servers without their data being checked and firewalled by the gateway
> > firewall?
> >
> > ANY help will greatly be appreciated, and I look forward to your replies.
> >
> > Regards,
> > Chris Knipe
> > Cell: (083) 430-8151
> >
> > Natural ability has more often attained to glory and virtue, than education
> > without natural ability at all.
> >
> >
> > -
> > : send the line "unsubscribe linux-net" in
> > the body of a message to majordomo@vger.rutgers.edu
> >
>
> Noah
> ksemat@eahd.or.ug
>
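The thread turns on one fact: a host only hands a packet to its default gateway when the destination is off its own subnet, so in a 192.168.1.0/255.255.255.224 farm the gateway firewall never sees PC1-to-PC2 traffic. The following script is an added example written for this page, not code from the thread or from any of its participants. It models that forwarding decision with Python's standard ipaddress module and then, as an assumption of the example rather than a recommendation made in the thread, shows what changes if each server is configured with a 255.255.255.255 host mask so that nothing is on-link and every packet is sent to the gateway. The four server addresses are constructed sample values.

```python
import ipaddress
from itertools import permutations

# Constructed sample farm mirroring the thread's 192.168.1.0/255.255.255.224
# scenario; the individual addresses are made up for this example.
GATEWAY = "192.168.1.1"
SERVERS = ["192.168.1.2", "192.168.1.3", "192.168.1.4", "192.168.1.5"]
FARM_MASK = "255.255.255.224"   # the /27 used in the thread
HOST_MASK = "255.255.255.255"   # hypothetical "forced routing" mask: nothing is on-link


def next_hop(src_ip, netmask, dst_ip, gateway):
    """Model a host's IP forwarding decision.

    If dst_ip falls inside the subnet derived from src_ip/netmask, the host
    treats the destination as directly reachable: it ARPs for dst_ip and
    sends the frame straight to it, never touching the gateway.  Otherwise
    the packet is handed to the default gateway (the firewall in the thread).
    Returns "direct" or the gateway address the packet is sent to.
    """
    local_net = ipaddress.ip_interface(f"{src_ip}/{netmask}").network
    if ipaddress.ip_address(dst_ip) in local_net:
        return "direct"
    return gateway


def classify_flows(servers, netmask, gateway):
    """Split every server-to-server flow into those the gateway firewall
    can inspect and those that bypass it entirely (ordered pairs, so
    A->B and B->A are counted separately)."""
    inspected, bypassed = [], []
    for src, dst in permutations(servers, 2):
        if next_hop(src, netmask, dst, gateway) == "direct":
            bypassed.append((src, dst))
        else:
            inspected.append((src, dst))
    return inspected, bypassed


if __name__ == "__main__":
    for label, mask in (("/27 farm mask", FARM_MASK), ("/32 host mask", HOST_MASK)):
        inspected, bypassed = classify_flows(SERVERS, mask, GATEWAY)
        print(f"{label}: {len(inspected)} flows via gateway, {len(bypassed)} bypass it")
```

With the /27 mask every one of the 12 ordered server pairs is "direct" and the firewall inspects nothing; with the /32 host mask all 12 go to the gateway. Two caveats a practitioner should keep in mind. First, with a /32 mask the gateway itself is off-link too, so a real host needs an explicit link-scope route to it before the default route (on Linux, `ip route add 192.168.1.1 dev eth0` followed by `ip route add default via 192.168.1.1`). Second, this models only the sending host's own IP stack: on a hub every frame still reaches every port, exactly as Chris describes, and a tenant with root on a rented server can simply put the /27 mask back. Forcing traffic through the gateway therefore only enforces policy on cooperating hosts; real isolation has to come from the switching equipment refusing to forward frames between server ports.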