RE: Access Internal and External Networks

• Previous message: Adam Drake: "RE: Certification Advice"
• Maybe in reply to: william_at_orlitech.com.au: "Access Internal and External Networks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'william@orlitech.com.au'" <william@orlitech.com.au>, security-basics@securityfocus.com
Date: Mon, 22 Sep 2003 09:38:38 +0100

Although management headaches may abound, my preffered setup is:

                                   |--> Server 1 <--|
INTERNET <--> External Firewall <--|--> Server 2 <--|--> Internal Firewall
<--> LAN
                                   |--> Server 3 <--|

Putting a NIC in each of 2 firewalls for each server can be a bit of a
headache, but the kind of granular control that is available is (in my
opinion) worth it.

just 20% of a Dime,

Chris

-----Original Message-----
From: william@orlitech.com.au [mailto:william@orlitech.com.au]
Sent: Friday, September 19, 2003 12:42 AM
To: security-basics@securityfocus.com
Subject: Access Internal and External Networks

I have a need for some servers to access both the external network and the
internal network and am wondering which approach would be best:

1. 2 NIC's in each server one connected to the external network and one
connected to the internal network

2. 1 NIC in each server connected to the internal network and DNAT the
required ports from the external address to the internal address

Thanks

William

---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW - FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Adam Drake: "RE: Certification Advice"
• Maybe in reply to: william_at_orlitech.com.au: "Access Internal and External Networks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Error message (id 14147) occurs everytime a new VPN user conne ... Is there a way to specify a static IP address that my RRAS server will use ... configure Network Load Balancing and may be safely ignored if it does not ... internal network was setup prior to implementing VPN and the Internal network ... ISA Server detected routes through the network adapter External - Broadcom ... (microsoft.public.isa) Re: DMZ Advice ... > I am in the process of redesigning certain parts of my network. ... > protected IIS site (on a seperate server to the VPN) available from ... > address on the internal network (thus not really being part of the DMZ ... (microsoft.public.windows.server.networking) How can Apache use a private network? ... server and Apache web server along with a couple dozen XP desktops. ... Fast forward to last night as I planned my new home network with Apache ... didn't notice for Apache to be able to bypass the internal network. ... (comp.os.linux.networking) Re: Network Topology ... that need to be able to be moved to a server on the internal network. ... > singlehomed SBS server, ... (microsoft.public.windows.server.sbs) Re: Web access through 2 external IP addresses ... located on internal network and one on DMZ. ... And I need that one server is ... Can I acomplish this by making route relationship DMZ to external network, ... (microsoft.public.isa.configuration)