>The poster did not ask where the best place is to place the webserver.
>The poster asked where _you_ would place your webserver in the firewall
>setup you described.
Maybe I misinterpreted your question then, but I remember reading "Where
goes your web server, mail server, etc.? In front or behind the firewall?"
in response to my steps describing how I would prep an NT4 server for the
installation of a firewall application.
To which I responded back "Behind the firewall, preferably on the DMZ..."
I left the DMZ reference fairly open because I didn't think I'd have to
explain it to anyone, but if the DMZ is traditional, then there are two
firewalls. An "inner" and an "outer". So, if you apply the above comment.
I'm referring to an "outer" firewall, with the DMZ on the inside of it. If
you want to consider a third NIC solution, then the DMZ is off the third
NIC. In this type of scenario, the DMZ is behind the firewall, but still
separated from the protected LAN.
>BTW, you counted an internal NIC, an external NIC, and mentioned
>disabling IP on the internal NIC. (!)
What I said, was to install a 2nd NIC (step 2), unbind the 2nd NIC (step 7),
then install a firewall that binds its own IP stack to the external NIC
(step 10).
The 2nd NIC is the "external" NIC. The purpose of the steps outlined, is
that the firewall's IP stack is replacing the IP stack that was unbound from
the 2nd NIC, aka the external NIC.
Best Regards, Donald Kelloway
http://www.commodon.com
-----Original Message-----
From: Ng Pheng Siong <[EMAIL PROTECTED]>
To: Don Kelloway <[EMAIL PROTECTED]>
Cc: Paul D. Robertson <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>; Peter da Silva <[EMAIL PROTECTED]>
Date: Monday, June 21, 1999 11:31 AM
Subject: Re: Why not NT?
>On Sun, Jun 20, 1999 at 10:27:24PM -0400, Don Kelloway wrote:
>> Yes, the poster did ask where (In front or behind the firewall?) the best
>> place for the webserver and I replied "preferably in the DMZ.
>
>Ahem.
>
>The poster did not ask where the best place is to place the webserver.
>The poster asked where _you_ would place your webserver in the firewall
>setup you described.
>
>BTW, you counted an internal NIC, an external NIC, and mentioned
>disabling IP on the internal NIC. (!)
>
>Care to clarify where your DMZ is? In front of your firewall, facing
>the 'net; or behind the firewall in your corporate network; or a service
>network hanging off a third NIC in your firewall?
>
>Cheers.
>--
>Ng Pheng Siong <[EMAIL PROTECTED]>
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
