Alex,
The best thing is to use the Cisco router as your external router.
The router can route packages applied for the DMZ systems to
the appropriate boxes.
What I am interested in is for what purpose do you want to use the
Linux box for. Because a DMZ is designed to house systems that
do special purpose that you don't want to be done on your local
network. Like a webserver, DNS server, Mail server, etc etc
Masquerading is a good idea for the proxy that reduces the translation
load for the external router.
A proxy is primairy used for central internet access and hosting websites
(or parts of websites) locally for faster performance.
I think a linux box can act better as a proxy then as the external router.
But that is all up to you ofcourse.
Hopefully you got the idea a little bit
Greets,
/Brenno
> -----Original Message-----
> From: Alexandre [SMTP:[EMAIL PROTECTED]]
> Sent: maandag 30 oktober 2000 11:50
> To: Firewalls
> Subject: DMZ
>
> I�m creating a DMZ with screened subnet architeture. That�s my doubt :
>
> - Who should have to do masquerading ? The internal or external
> router?
> - Who should have to do proxy? The internal or external router?
>
> To do this I have a Linux box and a Cisco Router. Who should be the
> external
> router ? Why ?
>
> ThankZ.
>
>
> Alexandre de Oliveira
>
>
>
> Estou criando uma DMZ utilizando screened subnet architeture. Minha
> d�vida �
> a seguinte, quem faz o masquerading ?? O router interno ou externo ?
> Quem faz o proxy, o interno ou externo ???
>
> Meus recursos de firewall / router � um desktop linux e um router
> Cisco.
> Qual seria mais interessante ficar externo ???? Agrade�o as dicas.
>
> []�s
>
> -------------------------------------------------
> Alexandre de Oliveira
>
>
>
> -------------------------------------------------
> Alexandre de Oliveira
> eCommerce Internet & Intranet Concepts
> Fone: 5853-2131 / Fax: 5853-2164
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
