by palata 441 days ago
This is very interesting! Have you considered writing a blog post explaining that kind of setup? I would love that! In the meantime, thanks a lot for the insights, that's a good starting point!

> I'm not a fan of DMZ as they get messy as you then have to ensure your host is protected correctly.

Could you elaborate on that? Specifically in my case I would have a perimeter router to which I would connect both my server and the inner router. My LAN would stay behind the inner router, so my understanding is that it still strictly has the same security as when my inner router was connected to the ISP; I just add a layer with the perimeter router.

Then the perimeter router opens the server (probably just chosen ports) to the public Internet, so that the server is reachable.

Wouldn't that mean that my host is protected correctly?

1 comments

That sounds pretty reasonable.

While home routers tend to set their rules as outbound allow and inbound denied, my DC just provides me with a network cable to the big pond of data.

How I secure that for my home network is using my personal rig with multiple network ports.

One port acts as a public bridge. And the 3rd and 4th network ports are then assigned to the private bridges.

The 2nd port then sits in a middle bridge where it communicates to both the public and private bridge.
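
The two-router layout asked about at the top of this thread, sketched as an nftables ruleset for the perimeter router. This is an added example, not part of either comment, and it assumes the perimeter router runs Linux. The interface names (`wan0`, `dmz0`, `lan0`), the server address and the published ports are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Perimeter router: wan0 = ISP uplink, dmz0 = server, lan0 = link to inner router.
# Every name, address and port here is an assumed value for illustration.
flush ruleset

define WAN = "wan0"
define DMZ = "dmz0"
define INNER = "lan0"
define SERVER = 10.0.10.10
define SERVER_PORTS = { 80, 443 }

table inet perimeter {
    chain input {
        # Traffic addressed to the router itself: nothing is offered to the Internet.
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        icmp type echo-request limit rate 5/second accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Internet -> server: only the chosen ports (matched after DNAT).
        iifname $WAN oifname $DMZ ip daddr $SERVER tcp dport $SERVER_PORTS accept

        # Inner router (the LAN behind it) -> Internet and -> server.
        iifname $INNER oifname { $WAN, $DMZ } accept

        # Server -> Internet, e.g. for updates.
        iifname $DMZ oifname $WAN accept

        # No rule for dmz0 -> lan0 or wan0 -> lan0: new connections toward
        # the inner router fall through to the drop policy.
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $WAN tcp dport $SERVER_PORTS dnat to $SERVER
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

The inner router keeps its own default-deny inbound rules, so the LAN does not depend on this ruleset alone.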