We all can only assume :)

> My money is on the fact that Minh probably has only 1 public IP.
> In which case it's going to have to be a portforward that delivers the
> inbound traffic to internal servers. In which case extra firewalls is a
> pointless waste. Even the concept of a DMZ doesn't really help when you are
> just doing portforwards... (correct me if I'm wrong)
>
> dave
>
>
> ----- Original Message -----
> From: "Kevin Saenz" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> > > > It's excessively complex?
> > >
> > > Additional firewalls don't necessarily improve security - a single
> > > firewall, properly configured, will do everything you need - sticking in
> > > extras is a waste.
>
> > The 2 switches are ok especially if you want to separate your internet
> > servers and your lan environment. I see no problem with that, given
> > on your lan you want trusted server. Any server that has direct
> > connection to the internet in most schools of thought is not a trusted
> > server. That is why you have a De-Militarised Zone, to ensure if someone
> > owns your mail or web server they can't really own the rest of your LAN.
>
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug