Re: Security: port-fw vs. ip-aliasing
It all comes down to how much spare equipment you have. It's always safer
to have the services running on a DMZ network. That way you're not opening
up your firewall to the various attacks associated with the various Net
services. If you've got two routers and a spare machine to provide the
bastion-host then you're set. If not, then you do the best you can.
Ask yourself, "what is my security requirement and how much can I spend on
installing my defenses?".
I personally would not choose to run my mail and website on the same
machine as I'm using for a firewall.
At 08:24 PM 5/22/2001 +0200, T. Schlenkhoff wrote:
I am running a small subnet (/248) and have my mail and my www set to one
ip-adress at the moment.
I wonder if it is safer to have my firewall to port-forward http, https, pop
and smtp to a dmz or if it is better to get two different ip-adresses and
alias them on one machine (my firewall)?
Any considerations / thoughts are welcome.
Thanks for your input,
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org
Eric N. Valor
- This Space Intentionally Left Blank -