Shorewall users - Oct 2003 - Theory Question

Hi All,

This is my first messge forgive if it is incorrect.
 
I setup shorewall a couple weeks ago, all seemed to be well. Then for
some reason it took a massive nose dive. I thinkn that I am going to
rebuild. The question is I think that my initial setup was bad design.
When designing a firewall setup should a machine exist in the Local LAN
and the DMZ, or is this bad news. I was thinking about it, and it kinda
seems like a bad idea. Additionally with my setup I have two distingt
paths to the web, internall from the local LAN we go out through a
different Firewall/ Proxy. All the servers exist on this subnet also. I
setup a DMZ subnet and put a second nic in each of the servers and added
them there. I was thinking this made sense initially, but from a routing
standpoint it sounds sort of like a headache. Sorry if this post is
convoluted.

Thank You, 
Bryan

-- 
Bryan S. Scott <bscott@strategal.net>
Strategal, L.L.C.

On Sat, 4 Oct 2003, Bryan S. Scott wrote:
> Hi All,
>
> This is my first messge forgive if it is incorrect.
>
> I setup shorewall a couple weeks ago, all seemed to be well. Then for
> some reason it took a massive nose dive. I thinkn that I am going to
> rebuild. The question is I think that my initial setup was bad design.
> When designing a firewall setup should a machine exist in the Local LAN
> and the DMZ, or is this bad news.
It is "bad news" -- leads to very confusing problems.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net