In-Reply-To: 
@Message-Id: 
From: "Maynard Riley" 
@X-Yahoo-Profile: wh00sh
@Mime-Version: 1.0
@Mailing-List: list os2user{at}yahoogroups.com; contact os2user-owner{at}yahoogroups.com
@Delivered-To: mailing list os2user{at}yahoogroups.com
@Precedence: bulk
@List-Unsubscribe: 
@Date: Wed, 03 Sep 2003 07:38:37 -0500 (CDT)
Subject: Re: OS/2 Netbios blocking
Reply-To: os2user{at}yahoogroups.com
@Content-Type: text/plain; charset=US-ASCII
@Content-Transfer-Encoding: 7bit

Great inputs from David and Stephen.

My experience with network hardware is quite limited to NICs and a
single home-flavor Linksys switch/router which provides NAT to
everything on the inside, with one port available for DMZ which would
not be NATted.

Servers which are intended to be accessed by the public via the
internet, should probably have static IPs and not be NATted. NAT
provides inherent firewalling for those systems, but the servers will
need their own firewall, either collectively behind a single firewall,
or each separately.

Indications that you should consider new topology and hardware appear
reasonable.

I understand from David that netbios/netbeui packets will be broadcast
along the wire attached to your interface, to all systems on that wire;
but will not "cross a router". 

So for instance you could put one of those +/- $100 4 port routers on
your DSL modem; put your switch on the DMZ port which hopefully (but it
may not!, does anybody know?) stops the netbios packets, and one of the
NATted inside ports to another internal network switch (if you have
more inside than ports on the router/switch)

Another option would be to put two NICs into your servers, one for
tcpip, another for the internal netbios traffic.

At any event the servers should probably be firewalled as well. 
ref. fx.dk

My SOHO network connects to the internet via InJoy serving as router
and firewall, also NATting the internal systems. It would be easier to
connect through the Linksys external port, but Injoy firewall provides
much more granular control and logging, and can port-forward to a
service on a NATted system if desired, so that a single static IP could
forward inbound :110, :25, and :80 traffic to different NATted boxes.

Cheers/2,

-- Maynard




------------------------ Yahoo! Groups Sponsor ---------------------~-->
Buy Ink Cartridges or Refill Kits for Your HP, Epson, Canon or Lexmark
Printer at Myinks.com. Free s/h on orders $50 or more to the US &
Canada. http://www.c1tracking.com/l.asp?cid=5511
http://us.click.yahoo.com/l.m7sD/LIdGAA/qnsNAA/E8folB/TM
---------------------------------------------------------------------~->

To unsubscribe from this group, send an email to:
os2user-unsubscribe{at}yahoogroups.com

 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



---