Security Basics mailing list archives

Re: Access Internal and External Networks

From: alias () securityfocus com
Date: Mon, 22 Sep 2003 14:39:35 +0300

IMHO, and given these choices, go for 2. For the first choice, you should at 
best build a firewall for every machine individually, which is a trouble by 
itself. Moreover, you do not create a chokepoint or single point of failure 
that is generally considered a good idea when building firewalls. Finally, 
properly setting up the machine that will do the DNATing, you will have more 
control over what goes to the servers and what not.

just my 0.02

CG

On Friday 19 September 2003 01:42, william () orlitech com au wrote:

I have a need for some servers to access both the external network and the
internal network and am wondering which approach would be best:

1. 2 NIC's in each server one connected to the external network and one
connected to the internal network

2. 1 NIC in each server connected to the internal network and DNAT the
required ports from the external address to the internal address

Thanks

William



____________________________________________________________________
http://www.freemail.gr - ������ �������� ������������ ������������.
http://www.freemail.gr - free email service for the Greek-speaking.

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Access Internal and External Networks william (Sep 19)
- Re: Access Internal and External Networks JGrimshaw (Sep 19)
- Re: Access Internal and External Networks John Hollyoak (Sep 19)
- RE: Access Internal and External Networks David Gillett (Sep 19)
- Re: Access Internal and External Networks Ansgar -59cobalt- Wiechers (Sep 22)
- Re: Access Internal and External Networks alias (Sep 22)
- <Possible follow-ups>
- RE: Access Internal and External Networks Hagen, Eric (Sep 19)
- RE: Access Internal and External Networks Meidinger Chris (Sep 22)