Probably too basic for the list - but I'll ask and duck....

I have sbcglobal.net (AT&T) for an ISP with 5 fixed IP addresses

Firewall with 3 NIC's:
  one to DSL modem
  one to DMZ mail/web server
  one to Internal LAN via 10/100 switch

If I want to split the mail and web server into TWO unique IP addresses/computers - do I need (or want) to add a 4th NIC or will the right thing happen with a switch between the Firewall and DMZ computer(s)? (a switch would be giving me easier ability to use all 5 addresses)
On Jul 5, 2011, at 4:02 PM, Bill.Light@kp.org wrote:

> Probably too basic for the list - but I'll ask and duck....
>
> I have sbcglobal.net (AT&T) for an ISP with 5 fixed IP addresses
>
> Firewall with 3 NIC's:
>   one to DSL modem
>   one to DMZ mail/web server
>   one to Internal LAN via 10/100 switch
>
> If I want to split the mail and web server into TWO unique IP addresses/computers - do I need (or want) to add a 4th NIC or will the right thing happen with a switch between the Firewall and DMZ computer(s)? (a switch would be giving me easier ability to use all 5 addresses)

The Shorewall Setup Guide (http://www.shorewall.net/shorewall_setup_guide.htm) gives you everything I know about that sort of configuration.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
On Tue, 2011-07-05 at 21:01 -0700, Tom Eastep wrote:

> On Jul 5, 2011, at 4:02 PM, Bill.Light@kp.org wrote:
>
> > Probably too basic for the list - but I'll ask and duck....
> >
> > I have sbcglobal.net (AT&T) for an ISP with 5 fixed IP addresses
> >
> > Firewall with 3 NIC's:
> >   one to DSL modem
> >   one to DMZ mail/web server
> >   one to Internal LAN via 10/100 switch
> >
> > If I want to split the mail and web server into TWO unique IP
> > addresses/computers - do I need (or want) to add a 4th NIC or will
> > the right thing happen with a switch between the Firewall and DMZ
> > computer(s)? (a switch would be giving me easier ability to use
> > all 5 addresses)
>
> The Shorewall Setup Guide
> (http://www.shorewall.net/shorewall_setup_guide.htm) gives you
> everything I know about that sort of configuration.

As shown in that guide, my preference for a DMZ is to use Proxy ARP -- and certainly, one NIC and a switch is the way I would go.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
On Tue, 2011-07-05 at 21:01 -0700, Tom Eastep wrote:

> On Jul 5, 2011, at 4:02 PM, Bill.Light@kp.org wrote:
>
> > Probably too basic for the list - but I'll ask and duck....
> >
> > I have sbcglobal.net (AT&T) for an ISP with 5 fixed IP addresses
> >
> > Firewall with 3 NIC's:
> >   one to DSL modem
> >   one to DMZ mail/web server
> >   one to Internal LAN via 10/100 switch
> >
> > If I want to split the mail and web server into TWO unique IP addresses/computers - do I need (or want) to add a 4th NIC or will the right thing happen with a switch between the Firewall and DMZ computer(s)? (a switch would be giving me easier ability to use all 5 addresses)
>
> The Shorewall Setup Guide (http://www.shorewall.net/shorewall_setup_guide.htm) gives you everything I know about that sort of configuration.
>
> As shown in that guide, my preference for a DMZ is to use Proxy ARP -- and certainly, one NIC and a switch is the way I would go.
>
> -Tom

====================================================================

Thanks, Tom!

Because of other constraints, I was also looking at a Cisco VPN appliance, RV042, to put into the DMZ, so that makes sense.... I currently use the actual IP address on the web/mail server, so will re-read the information about Proxy ARP.
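
A sketch of the one-NIC-plus-switch Proxy ARP layout discussed in this thread, added here as an illustration; it is not taken from any poster's configuration. The interface names (eth0 facing the DSL modem, eth2 facing the DMZ switch), the zone names net and dmz, and the addresses (from the 192.0.2.0/24 documentation range) are assumptions.

```conf
# /etc/shorewall/proxyarp
# One line per DMZ host. The firewall answers ARP on the external
# interface for each address and forwards the traffic to the host on
# the DMZ interface, so each server keeps its own public address.
# HAVEROUTE "No" asks Shorewall to add the host route itself.
#
#ADDRESS        INTERFACE   EXTERNAL   HAVEROUTE   PERSISTENT
192.0.2.177     eth2        eth0       No          # web server (constructed address)
192.0.2.178     eth2        eth0       No          # mail server (constructed address)

# /etc/shorewall/rules
# Both servers sit in the same dmz zone behind one NIC; qualifying the
# destination with the host address opens each service only on the
# machine that provides it.
#
#ACTION   SOURCE   DEST               PROTO   DPORT
ACCEPT    net      dmz:192.0.2.177    tcp     80,443
ACCEPT    net      dmz:192.0.2.178    tcp     25
```

Because both servers share one switch segment, traffic between them does not pass through the firewall; the rules above only govern traffic crossing between zones, so any isolation between the web and mail hosts has to be enforced on the hosts themselves.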