Security Basics mailing list archives

Re: Access Internal and External Networks


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 20 Sep 2003 02:54:16 +0200

On 2003-09-18 william () orlitech com au wrote:
> I have a need for some servers to access both the external network and
> the internal network and am wondering which approach would be best:
>
> 1. 2 NIC's in each server one connected to the external network and
>    one connected to the internal network
>
> 2. 1 NIC in each server connected to the internal network and DNAT the
>    required ports from the external address to the internal address

Use a DMZ-setup like this:

ExternalNet---RouterA---Switch---RouterB---InternalNet
                          |
                        Servers

or

ExternalNet---Router---InternalNet
                |
              Switch
                |
              Servers

I also suggest re-evaluating whether you *really* need the servers to
access the internal network, as it would violate the DMZ. It's better
practice to move everything that the servers need to access to the DMZ
as well (or at least to another separate network). IMHO.

Regards
Ansgar Wiechers
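
The single-router layout from the reply above, written as an nftables forwarding policy. This is an added example, not part of the original message; the interface names and the published ports are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Forwarding policy for: ExternalNet---Router---InternalNet, with the
# servers on a third leg behind the switch.
# Assumed (not from the post): interface names and service ports.
define IF_EXT = "eth0"   # leg to ExternalNet
define IF_INT = "eth1"   # leg to InternalNet
define IF_DMZ = "eth2"   # leg to the switch with the servers

table inet dmz_fw {
    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed when they were opened.
        ct state established,related accept
        ct state invalid drop

        # ExternalNet -> servers: only the published services.
        iifname $IF_EXT oifname $IF_DMZ tcp dport { 25, 80, 443 } ct state new accept

        # InternalNet -> servers and InternalNet -> ExternalNet.
        iifname $IF_INT oifname { $IF_DMZ, $IF_EXT } ct state new accept

        # Servers -> ExternalNet: DNS lookups and outbound mail only.
        iifname $IF_DMZ oifname $IF_EXT udp dport 53 ct state new accept
        iifname $IF_DMZ oifname $IF_EXT tcp dport { 25, 53 } ct state new accept

        # Servers -> InternalNet: no accept rule exists. Log the attempts
        # so a server trying to reach the inside shows up in the logs.
        iifname $IF_DMZ oifname $IF_INT log prefix "dmz-to-internal " drop
    }
}
```

Because the internal side opens connections to the servers and only replies flow back, the servers never need a rule of their own toward InternalNet.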
