Rudi Ahlers wrote:
> On Sat, Jul 16, 2011 at 2:56 PM, Drew <drew.kay at gmail.com> wrote:
>>> not to mention danger of PCs bypassing your one-NIC firewall and
>>> unsafely connecting to the outside.
>> That I think is the biggest danger with a one NIC setup.
>>
>> Linux boxen may be safe(r) (than Windows) from being infected or
>> hacked but just one malicious machine can bypass the security in place
>> if you don't logically *and* physically separate your subnets.
>>
>> --
>> Drew
>>
>
> You can have the same problem with a multi-NIC firewall, by the way.
>

If you secure that firewall unit facing the internet *properly*, you are safe
from outside. This is not the case with the setup I described.

I wrote about "physical presence *outside* of your network", like if you
are on a large WISP that uses a bridged network (bad design) and your
wireless client is bridged, and you have a single-NIC firewall in place, the
entire WISP's network will be able to sniff your traffic and hack into
unprotected workstations/desktops.

And there are those scenarios, much more than you can think.

Ljubomir