In article <46b1cd82$0$24754$da0feed9@news.zen.co.uk>, jameshanley39
@yahoo.co.uk says...
> what firewall/security network configurations do techies tend to have?
>
> i'm interested in examples
> of course, it depends on what they are doing with it, but that'd be
> part of the example..
>
>
>
> This was originally asked in a discussion within an offshoot of a
> recent thread but the one response from the person I asked, suggested
> that a new thread be made for it!

Describe the situations that you want a solution for.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Leythos wrote:

> In article <46b1cd82$0$24754$da0feed9@news.zen.co.uk>, jameshanley39
> @yahoo.co.uk says...
> > what firewall/security network configurations do techies tend to
> > have?
> >
> > i'm interested in examples
> > of course, it depends on what they are doing with it, but that'd be
> > part of the example..
> >
> >
> >
> > This was originally asked in a discussion within an offshoot of a
> > recent thread but the one response from the person I asked,
> > suggested that a new thread be made for it!
>
> Describe the situations that you want a solution for.

Well, an example would be a techie with a network, running a few open
servers, and 1 or a few of his computers not running open servers.

a solution might be that watchguard firewall applicance you speak of,
with the same ip on each physical port, transfers between physical
ports based on tcp port, and can have a NAT Router connected to a port.
That could then provide a physical port for a (real) DMZ, another for
the untrusted network (the internet), and another for the LAN.

You said that was a solution for the ignorant masses though. So I
wondered what other examples(uses/solutions) you had in mind, that you
wouldn't categorise as being 'for the ignorant masses'.

I'm sure you could think of more technical situations&solutions?

TIA


--

Provide the situtaion you facing issues with..

CK wrote:

> Provide the situtaion you facing issues with..

I am not facing issues with a situation. My question is as I posted it.



I asked it to Leythos in a previous thread, after reading his advice
there. He asked for an example to demonstrate the question, and I gave
one, and then he suggested I make a new thread of it, and I did. It
was addressed to him though he thought others would have contributions
too. I needn't link to the previous thread, it might defeat the purpose
of starting a new one!

In article <46b22823$0$15207$fa0fcedb@news.zen.co.uk>, jameshanley39
@yahoo.co.uk says...
> I asked it to Leythos in a previous thread, after reading his advice
> there. He asked for an example to demonstrate the question, and I gave
> one, and then he suggested I make a new thread of it, and I did. It
> was addressed to him though he thought others would have contributions
> too. I needn't link to the previous thread, it might defeat the purpose
> of starting a new one!

And the point is that you kept going in circles in another thread.

So, your NEED, for a "techie" is:

"a techie with a network, running a few open servers, and 1 or a few of
his computers not running open servers."

What server apps on which servers?

We need to know how many HTTP services on which servers - this will
determine if he needs more than 1 IP since a single IP/HTTP can only be
routed to 1 IP on the LAN/DMZ

Need more details, that's what I said before, give a list of Servers (as
in Boxes) and what services are running on them, and list Public or
Private for a started.


Example:

BOX 1: FTP Public
BOX 1: HTTP Public
BOX 1: SSL Public

BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
BOX 2: SMTP PUBLIC/LAN
BOX 2: SSL PUBLIC/LAN
BOX 2: POP3 PUBLIC/LAN

BOX 3: Personal Computer 1
BOX 4: Personal Computer 2

Give us something like this

As you can see, with two different boxes needing SSL, that means we need
at least 2 public IP, so the devil is in the details.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Leythos wrote:

> In article <46b22823$0$15207$fa0fcedb@news.zen.co.uk>, jameshanley39
> @yahoo.co.uk says...
> > I asked it to Leythos in a previous thread, after reading his advice
> > there. He asked for an example to demonstrate the question, and I
> > gave one, and then he suggested I make a new thread of it, and I
> > did. It was addressed to him though he thought others would have
> > contributions too. I needn't link to the previous thread, it might
> > defeat the purpose of starting a new one!
>
> And the point is that you kept going in circles in another thread.
>
> So, your NEED, for a "techie" is:
>
> "a techie with a network, running a few open servers, and 1 or a few
> of his computers not running open servers."
>
> What server apps on which servers?
>
> We need to know how many HTTP services on which servers - this will
> determine if he needs more than 1 IP since a single IP/HTTP can only
> be routed to 1 IP on the LAN/DMZ
>
> Need more details, that's what I said before, give a list of Servers
> (as in Boxes) and what services are running on them, and list Public
> or Private for a started.
>
>
> Example:
>
> BOX 1: FTP Public
> BOX 1: HTTP Public
> BOX 1: SSL Public
>
> BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> BOX 2: SMTP PUBLIC/LAN
> BOX 2: SSL PUBLIC/LAN
> BOX 2: POP3 PUBLIC/LAN
>
> BOX 3: Personal Computer 1
> BOX 4: Personal Computer 2
>
> Give us something like this
>
> As you can see, with two different boxes needing SSL, that means we
> need at least 2 public IP, so the devil is in the details.

Like that is fine. Could add a VNC server on boxes 1-4. would be
mostly 'private' but any of them may be occassionally accessed by a
particular comp outside of the local network. Similarly with FTP
server, but for boxes 3,4.

I don't know what you would call that but for now i'll call it
semi-private. i.e. private but one remote ip allowed from time to time.

And, as you said, about the HTTP, let's have another public web server
on another box.

Could have 3 more comps that run only private servers, just a private
VNC server, Ultra VNC, for viewing and file transfer.


so
BOX 1: FTP Public
BOX 1: HTTP Public
BOX 1: SSL Public
Box 1: VNC Semi-Private

BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
BOX 2: SMTP PUBLIC/LAN
BOX 2: SSL PUBLIC/LAN
BOX 2: POP3 PUBLIC/LAN
Box 2: FTP Server Semi-private
Box 2: VNC Server Semi-private
Box 2: HTTP PUBLIC

BOX 3: Personal Computer 1
Box 3: VNC Server semi-private
Box 3: FTP server semi-private

BOX 4: Personal Computer 2
Box 4: VNC Server semi-private
Box 4: FTP Server semi-private

Box 5,6,7: 'personal computers', Running Private VNC








--

In article <46b4f7ac$0$24757$da0feed9@news.zen.co.uk>, jameshanley39
@yahoo.co.uk says...
> Leythos wrote:
>
> > In article <46b22823$0$15207$fa0fcedb@news.zen.co.uk>, jameshanley39
> > @yahoo.co.uk says...
> > > I asked it to Leythos in a previous thread, after reading his advice
> > > there. He asked for an example to demonstrate the question, and I
> > > gave one, and then he suggested I make a new thread of it, and I
> > > did. It was addressed to him though he thought others would have
> > > contributions too. I needn't link to the previous thread, it might
> > > defeat the purpose of starting a new one!
> >
> > And the point is that you kept going in circles in another thread.
> >
> > So, your NEED, for a "techie" is:
> >
> > "a techie with a network, running a few open servers, and 1 or a few
> > of his computers not running open servers."
> >
> > What server apps on which servers?
> >
> > We need to know how many HTTP services on which servers - this will
> > determine if he needs more than 1 IP since a single IP/HTTP can only
> > be routed to 1 IP on the LAN/DMZ
> >
> > Need more details, that's what I said before, give a list of Servers
> > (as in Boxes) and what services are running on them, and list Public
> > or Private for a started.
> >
> >
> > Example:
> >
> > BOX 1: FTP Public
> > BOX 1: HTTP Public
> > BOX 1: SSL Public
> >
> > BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> > BOX 2: SMTP PUBLIC/LAN
> > BOX 2: SSL PUBLIC/LAN
> > BOX 2: POP3 PUBLIC/LAN
> >
> > BOX 3: Personal Computer 1
> > BOX 4: Personal Computer 2
> >
> > Give us something like this
> >
> > As you can see, with two different boxes needing SSL, that means we
> > need at least 2 public IP, so the devil is in the details.
>
> Like that is fine. Could add a VNC server on boxes 1-4. would be
> mostly 'private' but any of them may be occassionally accessed by a
> particular comp outside of the local network. Similarly with FTP
> server, but for boxes 3,4.
>
> I don't know what you would call that but for now i'll call it
> semi-private. i.e. private but one remote ip allowed from time to time.
>
> And, as you said, about the HTTP, let's have another public web server
> on another box.
>
> Could have 3 more comps that run only private servers, just a private
> VNC server, Ultra VNC, for viewing and file transfer.
>
>
> so
> BOX 1: FTP Public
> BOX 1: HTTP Public
> BOX 1: SSL Public
> Box 1: VNC Semi-Private
>
> BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> BOX 2: SMTP PUBLIC/LAN
> BOX 2: SSL PUBLIC/LAN
> BOX 2: POP3 PUBLIC/LAN
> Box 2: FTP Server Semi-private
> Box 2: VNC Server Semi-private
> Box 2: HTTP PUBLIC
>
> BOX 3: Personal Computer 1
> Box 3: VNC Server semi-private
> Box 3: FTP server semi-private
>
> BOX 4: Personal Computer 2
> Box 4: VNC Server semi-private
> Box 4: FTP Server semi-private
>
> Box 5,6,7: 'personal computers', Running Private VNC

Based on all the FTP with public access, that means you're going to have
to have at least 4 Public IP addresses for routing or other, so that
counts out almost all of the cheap SOHO units.

The DFL-700 would work in this case, as would any real firewall that
supports LAN/DMZ networks in a true separate network.

As this is not a "techie" network, at least none of the low level
techies I know can afford 4+ IP in most cases, and since none of the
home user service providers (at least most) don't allow FTP, HTTP or
SMTP servers on their network, this would be a Business Solution or a
solution for someone that builds networks.

So, on the very cheapest side, a business class internet solution, lets
say 6 usable IP, and your Personal boxes are in the LAN and the others
are in the DMZ.

The SEMI - Private items make them NOT SEMI-PRIVATE, so the two PC's
will be in the LAN and not have FTP or VNC exposed except to Firewall
authenticated users. Box 1 and 2 will be public and their services will
be exposed to the PUBLIC.

LAN IP: 192.168.16.0/24
DMZ IP: 192.168.32.0/24

NAT to map public IP to proper private IP....

You can do the rest I'm sure...

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Leythos wrote:

> In article <46b4f7ac$0$24757$da0feed9@news.zen.co.uk>, jameshanley39
> @yahoo.co.uk says...
> > Leythos wrote:
> >
> > > In article <46b22823$0$15207$fa0fcedb@news.zen.co.uk>,
> > > jameshanley39 @yahoo.co.uk says...
> > > > I asked it to Leythos in a previous thread, after reading his
> > > > advice there. He asked for an example to demonstrate the
> > > > question, and I gave one, and then he suggested I make a new
> > > > thread of it, and I did. It was addressed to him though he
> > > > thought others would have contributions too. I needn't link to
> > > > the previous thread, it might defeat the purpose of starting a
> > > > new one!
> > >
> > > And the point is that you kept going in circles in another thread.
> > >
> > > So, your NEED, for a "techie" is:
> > >
> > > "a techie with a network, running a few open servers, and 1 or a
> > > few of his computers not running open servers."
> > >
> > > What server apps on which servers?
> > >
> > > We need to know how many HTTP services on which servers - this
> > > will determine if he needs more than 1 IP since a single IP/HTTP
> > > can only be routed to 1 IP on the LAN/DMZ
> > >
> > > Need more details, that's what I said before, give a list of
> > > Servers (as in Boxes) and what services are running on them, and
> > > list Public or Private for a started.
> > >
> > >
> > > Example:
> > >
> > > BOX 1: FTP Public
> > > BOX 1: HTTP Public
> > > BOX 1: SSL Public
> > >
> > > BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> > > BOX 2: SMTP PUBLIC/LAN
> > > BOX 2: SSL PUBLIC/LAN
> > > BOX 2: POP3 PUBLIC/LAN
> > >
> > > BOX 3: Personal Computer 1
> > > BOX 4: Personal Computer 2
> > >
> > > Give us something like this
> > >
> > > As you can see, with two different boxes needing SSL, that means
> > > we need at least 2 public IP, so the devil is in the details.
> >
> > Like that is fine. Could add a VNC server on boxes 1-4. would be
> > mostly 'private' but any of them may be occassionally accessed by a
> > particular comp outside of the local network. Similarly with FTP
> > server, but for boxes 3,4.
> >
> > I don't know what you would call that but for now i'll call it
> > semi-private. i.e. private but one remote ip allowed from time to
> > time.
> > And, as you said, about the HTTP, let's have another public web
> > server on another box.
> >
> > Could have 3 more comps that run only private servers, just a
> > private VNC server, Ultra VNC, for viewing and file transfer.
> >
> >
> > so
> > BOX 1: FTP Public
> > BOX 1: HTTP Public
> > BOX 1: SSL Public
> > Box 1: VNC Semi-Private
> >
> > BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> > BOX 2: SMTP PUBLIC/LAN
> > BOX 2: SSL PUBLIC/LAN
> > BOX 2: POP3 PUBLIC/LAN
> > Box 2: FTP Server Semi-private
> > Box 2: VNC Server Semi-private
> > Box 2: HTTP PUBLIC
> >
> > BOX 3: Personal Computer 1
> > Box 3: VNC Server semi-private
> > Box 3: FTP server semi-private
> >
> > BOX 4: Personal Computer 2
> > Box 4: VNC Server semi-private
> > Box 4: FTP Server semi-private
> >
> > Box 5,6,7: 'personal computers', Running Private VNC
>
> Based on all the FTP with public access, that means you're going to
> have to have at least 4 Public IP addresses for routing or other, so
> that counts out almost all of the cheap SOHO units.
>

FTP would run on different ports. I wasn't planning on many ips for
that.



> The DFL-700 would work in this case, as would any real firewall that
> supports LAN/DMZ networks in a true separate network.
>

You said the Watchguard firewall was a solution for the ignorant
masses. How is this DFL-700 not ?


> As this is not a "techie" network, at least none of the low level
> techies I know can afford 4+ IP in most cases, and since none of the
> home user service providers (at least most) don't allow FTP, HTTP or
> SMTP servers on their network, this would be a Business Solution or a
> solution for someone that builds networks.
>

That's weird, i've never had a problem running an http server if i
wanted to, and others i've shown how to do that, haven't had a problem
either. It isn't blocked by their isp.

Anyhow.. let's assume that the ISP doesn't block every server you
suggested we use on this network. Maybe i'm misunderstanding you.


> So, on the very cheapest side, a business class internet solution,
> lets say 6 usable IP, and your Personal boxes are in the LAN and the
> others are in the DMZ.
>

This looks like the watchguard appliance, with LAN and DMZ. But you
called that a solution for the ignorant masses. So, I was wondering
what you considered a solution not for the "ignorant masses".


> The SEMI - Private items make them NOT SEMI-PRIVATE, so the two PC's
> will be in the LAN and not have FTP or VNC exposed except to Firewall
> authenticated users. Box 1 and 2 will be public and their services
> will be exposed to the PUBLIC.
>
> LAN IP: 192.168.16.0/24
> DMZ IP: 192.168.32.0/24
>
> NAT to map public IP to proper private IP....

Out of interest. Is it pointless to have that watchguard appliance you
spoke of with NAT turned off, and NAT Routers connected to each port.

Since, as you suggest here, may as well turn NAT on, and port redirect
to comps on whichever subnet.




--

In article <46b56385$0$15209$fa0fcedb@news.zen.co.uk>, jameshanley39
@yahoo.co.uk says...
> Leythos wrote:
>
> > In article <46b4f7ac$0$24757$da0feed9@news.zen.co.uk>, jameshanley39
> > @yahoo.co.uk says...
> > > Leythos wrote:
> > >
> > > > In article <46b22823$0$15207$fa0fcedb@news.zen.co.uk>,
> > > > jameshanley39 @yahoo.co.uk says...
> > > > > I asked it to Leythos in a previous thread, after reading his
> > > > > advice there. He asked for an example to demonstrate the
> > > > > question, and I gave one, and then he suggested I make a new
> > > > > thread of it, and I did. It was addressed to him though he
> > > > > thought others would have contributions too. I needn't link to
> > > > > the previous thread, it might defeat the purpose of starting a
> > > > > new one!
> > > >
> > > > And the point is that you kept going in circles in another thread.
> > > >
> > > > So, your NEED, for a "techie" is:
> > > >
> > > > "a techie with a network, running a few open servers, and 1 or a
> > > > few of his computers not running open servers."
> > > >
> > > > What server apps on which servers?
> > > >
> > > > We need to know how many HTTP services on which servers - this
> > > > will determine if he needs more than 1 IP since a single IP/HTTP
> > > > can only be routed to 1 IP on the LAN/DMZ
> > > >
> > > > Need more details, that's what I said before, give a list of
> > > > Servers (as in Boxes) and what services are running on them, and
> > > > list Public or Private for a started.
> > > >
> > > >
> > > > Example:
> > > >
> > > > BOX 1: FTP Public
> > > > BOX 1: HTTP Public
> > > > BOX 1: SSL Public
> > > >
> > > > BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> > > > BOX 2: SMTP PUBLIC/LAN
> > > > BOX 2: SSL PUBLIC/LAN
> > > > BOX 2: POP3 PUBLIC/LAN
> > > >
> > > > BOX 3: Personal Computer 1
> > > > BOX 4: Personal Computer 2
> > > >
> > > > Give us something like this
> > > >
> > > > As you can see, with two different boxes needing SSL, that means
> > > > we need at least 2 public IP, so the devil is in the details.
> > >
> > > Like that is fine. Could add a VNC server on boxes 1-4. would be
> > > mostly 'private' but any of them may be occassionally accessed by a
> > > particular comp outside of the local network. Similarly with FTP
> > > server, but for boxes 3,4.
> > >
> > > I don't know what you would call that but for now i'll call it
> > > semi-private. i.e. private but one remote ip allowed from time to
> > > time.
> > > And, as you said, about the HTTP, let's have another public web
> > > server on another box.
> > >
> > > Could have 3 more comps that run only private servers, just a
> > > private VNC server, Ultra VNC, for viewing and file transfer.
> > >
> > >
> > > so
> > > BOX 1: FTP Public
> > > BOX 1: HTTP Public
> > > BOX 1: SSL Public
> > > Box 1: VNC Semi-Private
> > >
> > > BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> > > BOX 2: SMTP PUBLIC/LAN
> > > BOX 2: SSL PUBLIC/LAN
> > > BOX 2: POP3 PUBLIC/LAN
> > > Box 2: FTP Server Semi-private
> > > Box 2: VNC Server Semi-private
> > > Box 2: HTTP PUBLIC
> > >
> > > BOX 3: Personal Computer 1
> > > Box 3: VNC Server semi-private
> > > Box 3: FTP server semi-private
> > >
> > > BOX 4: Personal Computer 2
> > > Box 4: VNC Server semi-private
> > > Box 4: FTP Server semi-private
> > >
> > > Box 5,6,7: 'personal computers', Running Private VNC
> >
> > Based on all the FTP with public access, that means you're going to
> > have to have at least 4 Public IP addresses for routing or other, so
> > that counts out almost all of the cheap SOHO units.
> >
>
> FTP would run on different ports. I wasn't planning on many ips for
> that.

You didn't specify that.

> > The DFL-700 would work in this case, as would any real firewall that
> > supports LAN/DMZ networks in a true separate network.
> >
>
> You said the Watchguard firewall was a solution for the ignorant
> masses. How is this DFL-700 not ?

They are both solutions for the ignorant masses, but we're not talking
about the Ignorant masses here - stop diverting from the subject.

> > As this is not a "techie" network, at least none of the low level
> > techies I know can afford 4+ IP in most cases, and since none of the
> > home user service providers (at least most) don't allow FTP, HTTP or
> > SMTP servers on their network, this would be a Business Solution or a
> > solution for someone that builds networks.
> >
>
> That's weird, i've never had a problem running an http server if i
> wanted to, and others i've shown how to do that, haven't had a problem
> either. It isn't blocked by their isp.

And many ISP, most, have a TOS that does not permit users to run servers
- that and that's the crux of the issue for that.

> Anyhow.. let's assume that the ISP doesn't block every server you
> suggested we use on this network. Maybe i'm misunderstanding you.

No, you understand to the level of your experience, but your scope is
limited.

> > So, on the very cheapest side, a business class internet solution,
> > lets say 6 usable IP, and your Personal boxes are in the LAN and the
> > others are in the DMZ.
> >
>
> This looks like the watchguard appliance, with LAN and DMZ. But you
> called that a solution for the ignorant masses. So, I was wondering
> what you considered a solution not for the "ignorant masses".

You are playing games again and I'm not going to play along.

This thread, as you posted, is not about the Ignorant Masses and you're
taking things out of context - you are really starting to look like you
are trolling.

> > The SEMI - Private items make them NOT SEMI-PRIVATE, so the two PC's
> > will be in the LAN and not have FTP or VNC exposed except to Firewall
> > authenticated users. Box 1 and 2 will be public and their services
> > will be exposed to the PUBLIC.
> >
> > LAN IP: 192.168.16.0/24
> > DMZ IP: 192.168.32.0/24
> >
> > NAT to map public IP to proper private IP....
>
> Out of interest. Is it pointless to have that watchguard appliance you
> spoke of with NAT turned off, and NAT Routers connected to each port.

No, if you have enough Public IP you can use the WG (any firewall that
supports it) in a mode that all devices work of public IP's, it's up to
you, but that's not what you asked and not the solution that one would
offer based on what you asked.

> Since, as you suggest here, may as well turn NAT on, and port redirect
> to comps on whichever subnet.

Again, THIS solution was presented based on what you asked and said you
wanted. One solution does not fit all scenarios, please be more specific
if you want a different answer.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Leythos wrote:

> In article <46b56385$0$15209$fa0fcedb@news.zen.co.uk>, jameshanley39
> @yahoo.co.uk says...
> > Leythos wrote:
> >
> > > In article <46b4f7ac$0$24757$da0feed9@news.zen.co.uk>,
> > > jameshanley39 @yahoo.co.uk says...
> > > > Leythos wrote:
> > > >
> > > > > In article <46b22823$0$15207$fa0fcedb@news.zen.co.uk>,
> > > > > jameshanley39 @yahoo.co.uk says...
> > > > > > I asked it to Leythos in a previous thread, after reading
> > > > > > his advice there. He asked for an example to demonstrate the
> > > > > > question, and I gave one, and then he suggested I make a new
> > > > > > thread of it, and I did. It was addressed to him though he
> > > > > > thought others would have contributions too. I needn't link
> > > > > > to the previous thread, it might defeat the purpose of
> > > > > > starting a new one!
> > > > >
> > > > > And the point is that you kept going in circles in another
> > > > > thread.
> > > > >
> > > > > So, your NEED, for a "techie" is:
> > > > >
> > > > > "a techie with a network, running a few open servers, and 1
> > > > > or a few of his computers not running open servers."
> > > > >
> > > > > What server apps on which servers?
> > > > >
> > > > > We need to know how many HTTP services on which servers - this
> > > > > will determine if he needs more than 1 IP since a single
> > > > > IP/HTTP can only be routed to 1 IP on the LAN/DMZ
> > > > >
> > > > > Need more details, that's what I said before, give a list of
> > > > > Servers (as in Boxes) and what services are running on them,
> > > > > and list Public or Private for a started.
> > > > >
> > > > >
> > > > > Example:
> > > > >
> > > > > BOX 1: FTP Public
> > > > > BOX 1: HTTP Public
> > > > > BOX 1: SSL Public
> > > > >
> > > > > BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> > > > > BOX 2: SMTP PUBLIC/LAN
> > > > > BOX 2: SSL PUBLIC/LAN
> > > > > BOX 2: POP3 PUBLIC/LAN
> > > > >
> > > > > BOX 3: Personal Computer 1
> > > > > BOX 4: Personal Computer 2
> > > > >
> > > > > Give us something like this
> > > > >
> > > > > As you can see, with two different boxes needing SSL, that
> > > > > means we need at least 2 public IP, so the devil is in the
> > > > > details.
> > > >
> > > > Like that is fine. Could add a VNC server on boxes 1-4.
> > > > would be mostly 'private' but any of them may be occassionally
> > > > accessed by a particular comp outside of the local network.
> > > > Similarly with FTP server, but for boxes 3,4.
> > > >
> > > > I don't know what you would call that but for now i'll call it
> > > > semi-private. i.e. private but one remote ip allowed from time
> > > > to time.
> > > > And, as you said, about the HTTP, let's have another public web
> > > > server on another box.
> > > >
> > > > Could have 3 more comps that run only private servers, just a
> > > > private VNC server, Ultra VNC, for viewing and file transfer.
> > > >
> > > >
> > > > so
> > > > BOX 1: FTP Public
> > > > BOX 1: HTTP Public
> > > > BOX 1: SSL Public
> > > > Box 1: VNC Semi-Private
> > > >
> > > > BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> > > > BOX 2: SMTP PUBLIC/LAN
> > > > BOX 2: SSL PUBLIC/LAN
> > > > BOX 2: POP3 PUBLIC/LAN
> > > > Box 2: FTP Server Semi-private
> > > > Box 2: VNC Server Semi-private
> > > > Box 2: HTTP PUBLIC
> > > >
> > > > BOX 3: Personal Computer 1
> > > > Box 3: VNC Server semi-private
> > > > Box 3: FTP server semi-private
> > > >
> > > > BOX 4: Personal Computer 2
> > > > Box 4: VNC Server semi-private
> > > > Box 4: FTP Server semi-private
> > > >
> > > > Box 5,6,7: 'personal computers', Running Private VNC
> > >
> > > Based on all the FTP with public access, that means you're going
> > > to have to have at least 4 Public IP addresses for routing or
> > > other, so that counts out almost all of the cheap SOHO units.
> > >
> >
> > FTP would run on different ports. I wasn't planning on many ips for
> > that.
>
> You didn't specify that.
>
> > > The DFL-700 would work in this case, as would any real firewall
> > > that supports LAN/DMZ networks in a true separate network.
> > >
> >
> > You said the Watchguard firewall was a solution for the ignorant
> > masses. How is this DFL-700 not ?
>
> They are both solutions for the ignorant masses, but we're not
> talking about the Ignorant masses here - stop diverting from the
> subject.
>
> > > As this is not a "techie" network, at least none of the low level
> > > techies I know can afford 4+ IP in most cases, and since none of
> > > the home user service providers (at least most) don't allow FTP,
> > > HTTP or SMTP servers on their network, this would be a Business
> > > Solution or a solution for someone that builds networks.
> > >
> >
> > That's weird, i've never had a problem running an http server if i
> > wanted to, and others i've shown how to do that, haven't had a
> > problem either. It isn't blocked by their isp.
>
> And many ISP, most, have a TOS that does not permit users to run
> servers - that and that's the crux of the issue for that.
>
> > Anyhow.. let's assume that the ISP doesn't block every server you
> > suggested we use on this network. Maybe i'm misunderstanding you.
>
> No, you understand to the level of your experience, but your scope is
> limited.
>
> > > So, on the very cheapest side, a business class internet solution,
> > > lets say 6 usable IP, and your Personal boxes are in the LAN and
> > > the others are in the DMZ.
> > >
> >
> > This looks like the watchguard appliance, with LAN and DMZ. But you
> > called that a solution for the ignorant masses. So, I was wondering
> > what you considered a solution not for the "ignorant masses".
>
> You are playing games again and I'm not going to play along.
>
> This thread, as you posted, is not about the Ignorant Masses and
> you're taking things out of context - you are really starting to look
> like you are trolling.
>
> > > The SEMI - Private items make them NOT SEMI-PRIVATE, so the two
> > > PC's will be in the LAN and not have FTP or VNC exposed except to
> > > Firewall authenticated users. Box 1 and 2 will be public and
> > > their services will be exposed to the PUBLIC.
> > >
> > > LAN IP: 192.168.16.0/24
> > > DMZ IP: 192.168.32.0/24
> > >
> > > NAT to map public IP to proper private IP....
> >
> > Out of interest. Is it pointless to have that watchguard appliance
> > you spoke of with NAT turned off, and NAT Routers connected to each
> > port.
>
> No, if you have enough Public IP you can use the WG (any firewall
> that supports it) in a mode that all devices work of public IP's,
> it's up to you, but that's not what you asked and not the solution
> that one would offer based on what you asked.
>
> > Since, as you suggest here, may as well turn NAT on, and port
> > redirect to comps on whichever subnet.
>
> Again, THIS solution was presented based on what you asked and said
> you wanted. One solution does not fit all scenarios, please be more
> specific if you want a different answer.

Well, what I wanted was -for you to give an example- of a set up - a
scenario - that wasn't what you consider as being 'for the ignorant
masses'. I'm sorry if that wasn't clear

I don't mind what specifics you use, as long as the outcome is not
something you'd consider as being 'for the ignorant masses'. I hope
that's clearer.

In article <46b56da4$0$24747$da0feed9@news.zen.co.uk>, jameshanley39
@yahoo.co.uk says...
> Leythos wrote:
>
> > In article <46b56385$0$15209$fa0fcedb@news.zen.co.uk>, jameshanley39
> > @yahoo.co.uk says...
> > > Leythos wrote:
> > >
> > > > In article <46b4f7ac$0$24757$da0feed9@news.zen.co.uk>,
> > > > jameshanley39 @yahoo.co.uk says...
> > > > > Leythos wrote:
> > > > >
> > > > > > In article <46b22823$0$15207$fa0fcedb@news.zen.co.uk>,
> > > > > > jameshanley39 @yahoo.co.uk says...
> > > > > > > I asked it to Leythos in a previous thread, after reading
> > > > > > > his advice there. He asked for an example to demonstrate the
> > > > > > > question, and I gave one, and then he suggested I make a new
> > > > > > > thread of it, and I did. It was addressed to him though he
> > > > > > > thought others would have contributions too. I needn't link
> > > > > > > to the previous thread, it might defeat the purpose of
> > > > > > > starting a new one!
> > > > > >
> > > > > > And the point is that you kept going in circles in another
> > > > > > thread.
> > > > > >
> > > > > > So, your NEED, for a "techie" is:
> > > > > >
> > > > > > "a techie with a network, running a few open servers, and 1
> > > > > > or a few of his computers not running open servers."
> > > > > >
> > > > > > What server apps on which servers?
> > > > > >
> > > > > > We need to know how many HTTP services on which servers - this
> > > > > > will determine if he needs more than 1 IP since a single
> > > > > > IP/HTTP can only be routed to 1 IP on the LAN/DMZ
> > > > > >
> > > > > > Need more details, that's what I said before, give a list of
> > > > > > Servers (as in Boxes) and what services are running on them,
> > > > > > and list Public or Private for a started.
> > > > > >
> > > > > >
> > > > > > Example:
> > > > > >
> > > > > > BOX 1: FTP Public
> > > > > > BOX 1: HTTP Public
> > > > > > BOX 1: SSL Public
> > > > > >
> > > > > > BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> > > > > > BOX 2: SMTP PUBLIC/LAN
> > > > > > BOX 2: SSL PUBLIC/LAN
> > > > > > BOX 2: POP3 PUBLIC/LAN
> > > > > >
> > > > > > BOX 3: Personal Computer 1
> > > > > > BOX 4: Personal Computer 2
> > > > > >
> > > > > > Give us something like this
> > > > > >
> > > > > > As you can see, with two different boxes needing SSL, that
> > > > > > means we need at least 2 public IP, so the devil is in the
> > > > > > details.
> > > > >
> > > > > Like that is fine. Could add a VNC server on boxes 1-4.
> > > > > would be mostly 'private' but any of them may be occassionally
> > > > > accessed by a particular comp outside of the local network.
> > > > > Similarly with FTP server, but for boxes 3,4.
> > > > >
> > > > > I don't know what you would call that but for now i'll call it
> > > > > semi-private. i.e. private but one remote ip allowed from time
> > > > > to time.
> > > > > And, as you said, about the HTTP, let's have another public web
> > > > > server on another box.
> > > > >
> > > > > Could have 3 more comps that run only private servers, just a
> > > > > private VNC server, Ultra VNC, for viewing and file transfer.
> > > > >
> > > > >
> > > > > so
> > > > > BOX 1: FTP Public
> > > > > BOX 1: HTTP Public
> > > > > BOX 1: SSL Public
> > > > > Box 1: VNC Semi-Private
> > > > >
> > > > > BOX 2: Public Game Server (Ports TCP 1234, 1235,1236)
> > > > > BOX 2: SMTP PUBLIC/LAN
> > > > > BOX 2: SSL PUBLIC/LAN
> > > > > BOX 2: POP3 PUBLIC/LAN
> > > > > Box 2: FTP Server Semi-private
> > > > > Box 2: VNC Server Semi-private
> > > > > Box 2: HTTP PUBLIC
> > > > >
> > > > > BOX 3: Personal Computer 1
> > > > > Box 3: VNC Server semi-private
> > > > > Box 3: FTP server semi-private
> > > > >
> > > > > BOX 4: Personal Computer 2
> > > > > Box 4: VNC Server semi-private
> > > > > Box 4: FTP Server semi-private
> > > > >
> > > > > Box 5,6,7: 'personal computers', Running Private VNC
> > > >
> > > > Based on all the FTP with public access, that means you're going
> > > > to have to have at least 4 Public IP addresses for routing or
> > > > other, so that counts out almost all of the cheap SOHO units.
> > > >
> > >
> > > FTP would run on different ports. I wasn't planning on many ips for
> > > that.
> >
> > You didn't specify that.
> >
> > > > The DFL-700 would work in this case, as would any real firewall
> > > > that supports LAN/DMZ networks in a true separate network.
> > > >
> > >
> > > You said the Watchguard firewall was a solution for the ignorant
> > > masses. How is this DFL-700 not ?
> >
> > They are both solutions for the ignorant masses, but we're not
> > talking about the Ignorant masses here - stop diverting from the
> > subject.
> >
> > > > As this is not a "techie" network, at least none of the low level
> > > > techies I know can afford 4+ IP in most cases, and since none of
> > > > the home user service providers (at least most) don't allow FTP,
> > > > HTTP or SMTP servers on their network, this would be a Business
> > > > Solution or a solution for someone that builds networks.
> > > >
> > >
> > > That's weird, i've never had a problem running an http server if i
> > > wanted to, and others i've shown how to do that, haven't had a
> > > problem either. It isn't blocked by their isp.
> >
> > And many ISP, most, have a TOS that does not permit users to run
> > servers - that and that's the crux of the issue for that.
> >
> > > Anyhow.. let's assume that the ISP doesn't block every server you
> > > suggested we use on this network. Maybe i'm misunderstanding you.
> >
> > No, you understand to the level of your experience, but your scope is
> > limited.
> >
> > > > So, on the very cheapest side, a business class internet solution,
> > > > lets say 6 usable IP, and your Personal boxes are in the LAN and
> > > > the others are in the DMZ.
> > > >
> > >
> > > This looks like the watchguard appliance, with LAN and DMZ. But you
> > > called that a solution for the ignorant masses. So, I was wondering
> > > what you considered a solution not for the "ignorant masses".
> >
> > You are playing games again and I'm not going to play along.
> >
> > This thread, as you posted, is not about the Ignorant Masses and
> > you're taking things out of context - you are really starting to look
> > like you are trolling.
> >
> > > > The SEMI - Private items make them NOT SEMI-PRIVATE, so the two
> > > > PC's will be in the LAN and not have FTP or VNC exposed except to
> > > > Firewall authenticated users. Box 1 and 2 will be public and
> > > > their services will be exposed to the PUBLIC.
> > > >
> > > > LAN IP: 192.168.16.0/24
> > > > DMZ IP: 192.168.32.0/24
> > > >
> > > > NAT to map public IP to proper private IP....
> > >
> > > Out of interest. Is it pointless to have that watchguard appliance
> > > you spoke of with NAT turned off, and NAT Routers connected to each
> > > port.
> >
> > No, if you have enough Public IP you can use the WG (any firewall
> > that supports it) in a mode that all devices work of public IP's,
> > it's up to you, but that's not what you asked and not the solution
> > that one would offer based on what you asked.
> >
> > > Since, as you suggest here, may as well turn NAT on, and port
> > > redirect to comps on whichever subnet.
> >
> > Again, THIS solution was presented based on what you asked and said
> > you wanted. One solution does not fit all scenarios, please be more
> > specific if you want a different answer.
>
> Well, what I wanted was -for you to give an example- of a set up - a
> scenario - that wasn't what you consider as being 'for the ignorant
> masses'. I'm sorry if that wasn't clear
>
> I don't mind what specifics you use, as long as the outcome is not
> something you'd consider as being 'for the ignorant masses'. I hope
> that's clearer.

And the above is not for the ignorant masses - what part do you have
trouble understanding?

Maybe you should ask the real question you want instead of playing the
game.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

On Aug 5, 7:35 am, Leythos wrote:
> In article <46b56da4$0$24747$da0fe...@news.zen.co.uk>,jameshanley39
> @yahoo.co.uk says...
>
>

> > Well, what I wanted was -for you to give an example- of a set up - a
> > scenario - that wasn't what you consider as being 'for the ignorant
> > masses'. I'm sorry if that wasn't clear
>
> > I don't mind what specifics you use, as long as the outcome is not
> > something you'd consider as being 'for the ignorant masses'. I hope
> > that's clearer.
>
> And the above is not for the ignorant masses - what part do you have
> trouble understanding?
>
> Maybe you should ask the real question you want instead of playing the
> game.
>

I did ask the real question and never changed it.
I'll explain the context so you can understand that this is a question
and not a game.
In the previous thread, 2 setups was discussed, one involving a NAT
Router, and the other that firewall appliance we have spoken about.
You said that both were for the ignorant masses.

So I ask[ed] you. Can you give an example - in this thread you use the
term scenario so i've used that term. Can you give a scenario , a set
up, that isn't what you deem to be " for the ignorant masses "

You appear to have answered that, by saying, I think, that this
example is not for the ignorant masses.

I was aware of the solution of the firewall appliance since you
mentioned it in the previous thread. But in that thread, you said it
was for the ignorant masses.
That's why I asked you what set up you deem as not being for the
ignorant masses.

Here was the exchange


In the previous thread,
there was this exchange

"
Leythos
Since most techie people already have a firewall appliance or a NAT
appliance, they already have the solution for the ignorant masses,
they know what they can do with a NAT router, they know that they
can, in most cases, block outbound traffic, etc...

jameshanley39
So now a firewall appliance is for the ignorant masses. I was of the
impression that maybe, when you wrote of a watchguard firewall
appliance, you had a higher view of it. What is your option above
that?
"

Leythos
Are you going to play games like this?

Do know full well what I've been talking about this entire thread, it
was not and is not directed at the tech/security types, and no one
reading the subject would think it was about upper level information.

"

So, that thread left me with the impression that you figured the
Firewall appliance was what you deem to be 'for the ignorant masses'.

Clearly I misunderstood you.

The firewall appliance is for tech/security types. Not for the
ignorant masses.

I don't understand why you wrote as you did in the previous thread,
but anyhow.

You speak of 2 appliances.

A NAT router alone, for the ignorant masses.
A firewall appliance for tech/security types.

In article <1186318495.999323.117240@22g2000hsm.googlegroups.c om>,
jameshanley39@yahoo.co.uk says...
> In the previous thread, 2 setups was discussed, one involving a NAT
> Router, and the other that firewall appliance we have spoken about.
> You said that both were for the ignorant masses.

And you can't seem to grasp the difference between a NAT Router and a
Firewall that may or may not use NAT.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

On Aug 5, 4:18 pm, Leythos wrote:
> In article <1186318495.999323.117...@22g2000hsm.googlegroups.c om>,
> jameshanle...@yahoo.co.uk says...
>
> > In the previous thread, 2 setups was discussed, one involving a NAT
> > Router, and the other that firewall appliance we have spoken about.
> > You said that both were for the ignorant masses.
>
> And you can't seem to grasp the difference between a NAT Router and a
> Firewall that may or may not use NAT.
>

No use you telling me that, do you expect me to argue against that,
e.g. writing a long explanation and let you be the teacher and mark me
on it?
This is not the issue. But we can make it a subissue if you want.

You certainly deem some solutions to be for the ignorant masses. I
just want to know which.

It seems from this thread that you deem
NAT Routers to be for the ignorant masses.
And firewall appliances to be for technical / not for the ignorant
masses.

I can't get consistency with the quoted dicussion from the previous
thread. But anyhow.

Is that distinction accurate?

Or do you further distinguish between Firewall appliances with NAT,
and firewall appliances without NAT.

BTW: Incase it isn't clear. I can read. I do see that a firewall
appliance without NAT needn't have what you suggested in the previous
thread - one ip on each port. It could have different registered ips
on each port, or even a subnet or block of them on a port.

In article <1186359669.324357.180120@d55g2000hsg.googlegroups. com>,
jameshanley39@yahoo.co.uk says...
> No use you telling me that, do you expect me to argue against that,
> e.g. writing a long explanation and let you be the teacher and mark me
> on it?
> This is not the issue. But we can make it a subissue if you want.
>
> You certainly deem some solutions to be for the ignorant masses. I
> just want to know which.
>
> It seems from this thread that you deem
> NAT Routers to be for the ignorant masses.
> And firewall appliances to be for technical / not for the ignorant
> masses.

Again, you still can't grasp simple concepts.

NAT routers are the minimum level of protection that I would suggest any
person use, the minimum. They work for the ignorant masses because they
don't require anything from the ISP or the User, and they don't really
break anything that the Ignorant masses typically make use of.

For the Ignorant masses I would suggest that all ISP's enable NAT on
their ISP provided modem/router device and only disable it if the
customer is smart enough to know the difference.

You keep going around in circles and I'm not going to play that game,
it's that simple.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

On Aug 6, 3:18 am, Leythos wrote:
> In article <1186359669.324357.180...@d55g2000hsg.googlegroups. com>,
> jameshanle...@yahoo.co.uk says...
>
> > No use you telling me that, do you expect me to argue against that,
> > e.g. writing a long explanation and let you be the teacher and mark me
> > on it?
> > This is not the issue. But we can make it a subissue if you want.
>
> > You certainly deem some solutions to be for the ignorant masses. I
> > just want to know which.
>
> > It seems from this thread that you deem
> > NAT Routers to be for the ignorant masses.
> > And firewall appliances to be for technical / not for the ignorant
> > masses.
>
> Again, you still can't grasp simple concepts.
>
> NAT routers are the minimum level of protection that I would suggest any
> person use, the minimum. They work for the ignorant masses because they
> don't require anything from the ISP or the User, and they don't really
> break anything that the Ignorant masses typically make use of.
>
> For the Ignorant masses I would suggest that all ISP's enable NAT on
> their ISP provided modem/router device and only disable it if the
> customer is smart enough to know the difference.
>
> You keep going around in circles and I'm not going to play that game,
> it's that simple.
>
> --


you've made a good attempt to go round in a circle by avoiding the
question, and repeating what you already said. But you failed

By your own accidental choice of words this time round, you've changed
or revealed your position a bit more.

Instead of saying it's a solution for the ignorant masses, you now say
it works for the ignorant masses.

That's a different statement. The implications are different.

In article <1186398006.897955.281470@w3g2000hsg.googlegroups.c om>,
jameshanley39@yahoo.co.uk says...
> On Aug 6, 3:18 am, Leythos wrote:
> > In article <1186359669.324357.180...@d55g2000hsg.googlegroups. com>,
> > jameshanle...@yahoo.co.uk says...
> >
> > > No use you telling me that, do you expect me to argue against that,
> > > e.g. writing a long explanation and let you be the teacher and mark me
> > > on it?
> > > This is not the issue. But we can make it a subissue if you want.
> >
> > > You certainly deem some solutions to be for the ignorant masses. I
> > > just want to know which.
> >
> > > It seems from this thread that you deem
> > > NAT Routers to be for the ignorant masses.
> > > And firewall appliances to be for technical / not for the ignorant
> > > masses.
> >
> > Again, you still can't grasp simple concepts.
> >
> > NAT routers are the minimum level of protection that I would suggest any
> > person use, the minimum. They work for the ignorant masses because they
> > don't require anything from the ISP or the User, and they don't really
> > break anything that the Ignorant masses typically make use of.
> >
> > For the Ignorant masses I would suggest that all ISP's enable NAT on
> > their ISP provided modem/router device and only disable it if the
> > customer is smart enough to know the difference.
> >
> > You keep going around in circles and I'm not going to play that game,
> > it's that simple.
> >
>
>
> you've made a good attempt to go round in a circle by avoiding the
> question, and repeating what you already said. But you failed
>
> By your own accidental choice of words this time round, you've changed
> or revealed your position a bit more.
>
> Instead of saying it's a solution for the ignorant masses, you now say
> it works for the ignorant masses.
>
> That's a different statement. The implications are different.

Dude, you are completely off your rocker. You can have the last post,
I'm done with you trolling ass.


--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Leythos wrote:

> In article <1186398006.897955.281470@w3g2000hsg.googlegroups.c om>,
> jameshanley39@yahoo.co.uk says...
> > On Aug 6, 3:18 am, Leythos wrote:
> > > In article
> > > <1186359669.324357.180...@d55g2000hsg.googlegroups. com>,
> > > jameshanle...@yahoo.co.uk says...
> > >
> > > > No use you telling me that, do you expect me to argue against
> > > > that, e.g. writing a long explanation and let you be the
> > > > teacher and mark me on it?
> > > > This is not the issue. But we can make it a subissue if you
> > > > want.
> > >
> > > > You certainly deem some solutions to be for the ignorant
> > > > masses. I just want to know which.
> > >
> > > > It seems from this thread that you deem
> > > > NAT Routers to be for the ignorant masses.
> > > > And firewall appliances to be for technical / not for the
> > > > ignorant masses.
> > >
> > > Again, you still can't grasp simple concepts.
> > >
> > > NAT routers are the minimum level of protection that I would
> > > suggest any person use, the minimum. They work for the ignorant
> > > masses because they don't require anything from the ISP or the
> > > User, and they don't really break anything that the Ignorant
> > > masses typically make use of.
> > >
> > > For the Ignorant masses I would suggest that all ISP's enable NAT
> > > on their ISP provided modem/router device and only disable it if
> > > the customer is smart enough to know the difference.
> > >
> > > You keep going around in circles and I'm not going to play that
> > > game, it's that simple.
> > >
> >
> >
> > you've made a good attempt to go round in a circle by avoiding the
> > question, and repeating what you already said. But you failed
> >
> > By your own accidental choice of words this time round, you've
> > changed or revealed your position a bit more.
> >
> > Instead of saying it's a solution for the ignorant masses, you now
> > say it works for the ignorant masses.
> >
> > That's a different statement. The implications are different.
>
> Dude, you are completely off your rocker. You can have the last post,
> I'm done with you trolling ass.

Well, fortunately for you, I will reply to this, otherwise, i wouldn't
have the last post, and you would be even more inconsistent.

I'll take this opportunity to point out to you, that the purpose of
this thread, from start to finish, was to understand what you meant.
That was 'the question'. Fortunately, in your attempt to search for
some 'real question', you answered the original question you were
trying to avoid.

And so this has been resolved. Whether you realise it or not.

And in the future, if you use the phrase 'for the ignorant masses', we
will be better informed as to what you do and do not mean.

In article <46b75e9f$0$15208$fa0fcedb@news.zen.co.uk>, jameshanley39
@yahoo.co.uk says...
>
> And in the future, if you use the phrase 'for the ignorant masses', we
> will be better informed as to what you do and do not mean.

I don't think anyone except you misunderstands the phrase "Ignorant
Masses" when it comes to security - it's like the phrase Sheep when it
comes to politics or protection of the country - which, again, is
security.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)