[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security: port-fw vs. ip-aliasing

It all comes down to how much spare equipment you have. It's always safer to have the services running on a DMZ network. That way you're not opening up your firewall to the various attacks associated with the various Net services. If you've got two routers and a spare machine to provide the bastion-host then you're set. If not, then you do the best you can.

Ask yourself, "what is my security requirement and how much can I spend on installing my defenses?".

I personally would not choose to run my mail and website on the same machine as I'm using for a firewall.

At 08:24 PM 5/22/2001 +0200, T. Schlenkhoff wrote:
Hi there,

I am running a small subnet (/248) and have my mail and my www set to one
ip-adress at the moment.
I wonder if it is safer to have my firewall to port-forward http, https, pop
and smtp to a dmz or if it is better to get two different ip-adresses and
alias them on one machine (my firewall)?

Any considerations / thoughts are welcome.

Thanks for your input,


To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Eric N. Valor
Lutris Technologies

- This Space Intentionally Left Blank -

Reply to: