RE: Access Internal and External Networks

["David Gillett" <gillettdavid () fhda edu>]

2!

  If you try option 1, the first person who roots one of these 
servers via some other service you didn't intend to be up,
enables forwarding/proxying and now he has a back door into 
your internal network that completely bypasses your gateway.
  DNAT is definitely what you want.

David Gillett

> -----Original Message-----
> From: william () orlitech com au [mailto:william () orlitech com au]
> Sent: September 18, 2003 15:42
> To: security-basics () securityfocus com
> Subject: Access Internal and External Networks
>
>
>
>
> I have a need for some servers to access both the external 
> network and the internal network and am wondering which 
> approach would be best:
>
> 1. 2 NIC's in each server one connected to the external 
> network and one connected to the internal network
>
> 2. 1 NIC in each server connected to the internal network and 
> DNAT the required ports from the external address to the 
> internal address
>
> Thanks
>
> William
>
> --------------------------------------------------------------
> -------------
> Captus Networks 
> Are you prepared for the next Sobig & Blaster? 
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
>  - Precisely Define and Implement Network Security 
>  - Automatically Control P2P, IM and Spam Traffic 
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
> http://www.captusnetworks.com/ads/42.htm
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------