advice wanted on structuring LAN + internet
George Toft
george@georgetoft.com
Tue, 26 Dec 2000 08:09:14 -0700
First method requires:
- one IP addr;
- You to maintain firewall;
Second method requires:
- two IP addr from ISP ($$$);
- You to trust D-Link to write good firewall rules.
From a security standpoint, method two is better as the web server will
be under attack (guaranteed), yet your LAN will have a lower profile,
hence lower risk to intrusion.
If you are worried about network performance, replace the LAN hubs with
a switch. As far as the Linux web server handling the traffic, I've
run 5mbps through a 486DX2/66 with no problems.
George
"David P. Schwartz" wrote:
>
> I'm curious what trade-offs might exist between a couple of different ways of hooking up a
> web server and a LAN:
>
> 675 modem -> [web NIC -> web server -> LAN NIC] -> LAN hub ==>> multiple workstations
>
> -- vs --
>
> 675 modem -> LAN hub1 + -> web server
> + -> DL-701 -> LAN hub2 ==>> multiple workstations
>
> The DL-701 is from D-Link; it's a little gateway/router/firewall that has DHCP support
> built-in. It sits between the cable/xDSL modem and the LAN hub.
>
> Aside from saving a NIC in the server box (whoopee), I'm wondering if there are any
> configuration and/or performance issues that arise by having the web server handle the
> internal LAN routing vs. letting the DL-701 handle this.
>
> (In the second configuration, the first LAN hub can be 10-BaseT, while the second can be
> 100-BaseT.)
>
> -David
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss