>
> Firewall:
>
> * Blocks everything from outside but www and ssh2 which it forwards to www.
> * Blocks everything from www to secure but ssh2
> * Masquerades secure
>
> The only problem is that I currently only have two NICs in my firewall.
> Is it totally useless (security-wise) to create two different subnets anyway?
> Should I really buy another NIC?

Ummm... if you are on the same ethernet the www server could snoop it, find that it is on another subnet (since it sees packets from other IP addresses), change its subnet address and attack the others.

So yes, you should buy another NIC or separate the physical interfaces so that www will not be able to snoop the other.

Javi
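
The three-interface layout the reply recommends, written as an iptables ruleset generator; this is an added example, not part of the original thread. The interface names, addresses and the choice of iptables are assumptions. The point it shows is that the www-to-secure restriction is keyed on the interface, which the www host cannot alter by changing its own IP address.

```shell
#!/bin/sh
# Added example. All values below are constructed assumptions:
#   eth0 = outside, eth1 = www segment, eth2 = secure segment.
EXT_IF=eth0
DMZ_IF=eth1
LAN_IF=eth2
WWW=10.0.1.10          # www host (assumed address)
LAN_NET=10.0.2.0/24    # secure network (assumed range)

# Print the ruleset in iptables-restore format.
# Check it with: emit_rules | iptables-restore --test
emit_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Outside reaches only www and ssh2, both forwarded to the www host
-A PREROUTING -i $EXT_IF -p tcp -m multiport --dports 80,22 -j DNAT --to-destination $WWW
# Masquerade the secure network only
-A POSTROUTING -s $LAN_NET -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# outside -> www: the two forwarded services, nothing else
-A FORWARD -i $EXT_IF -o $DMZ_IF -d $WWW -p tcp -m multiport --dports 80,22 -m conntrack --ctstate NEW -j ACCEPT
# www -> secure: ssh2 only, matched on interface rather than source address
-A FORWARD -i $DMZ_IF -o $LAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# secure -> outside or www (assumed policy; the thread only says it is masqueraded)
-A FORWARD -i $LAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

With only two NICs, the www and secure hosts share `eth1`, traffic between them never crosses the firewall, and the `-i $DMZ_IF -o $LAN_IF` rule is never consulted.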