RE: Security: port-fw vs. ip-aliasing
It seems that Stan Kaufmann thought about the same problem here.
To make it clear, I really appreciate a DMZ :-) but I wonder how to get the
packets in there. At least as far as I understood the topic, I have two
choices: port-forwarding (if my mail.x.com domain and my www.x.com domain
are on one ip-address) or ip-aliasing (if my mail.x.com domain and my
www.x.com domain are on different ip-addresses).
Pros & Cons:
Port-forwarding:
  + simple firewall-ruleset (thanks Cory)
  - one can't access own DMZ-webservices easily (spoofing - see Cory's mail on that)
  - only one service per port
ip-aliasing:
  - complex firewall-ruleset
  + can access own DMZ-webservices? (request for confirmation here)
  + using all the paid ip-addresses :-)
Did I miss some important points?
Looks like forwarding is the best option - if you only need one service on
every port.
Thanks for all your feedback,
tom