advice wanted on structuring LAN + internet

David P. Schwartz davids@desertigloo.com
Tue, 26 Dec 2000 13:32:07 -0700


George Toft wrote:

> First method requires:
> - one IP addr;
> - You to maintain firewall;
>

Usually, static IPs come in a block of 8.  Five are available for use.  I'm not sure how many need to be dedicated to the server, but I'm
sure one is available for the LAN.

> Second method requires:
> - two IP addr from ISP ($$$);
> - You to trust D-Link to write good firewall rules.

These things basically block all incoming requests unless you tell them to open specific ports.  It's in ROM, so there's nothing to hack
or bypass.

> From a security standpoint, method two is better as the web server will
> be under attack (guaranteed), yet your LAN will have a lower profile,
> hence lower risk to intrusion.

Ahh, good point.

> If you are worried about network performance, replace the LAN hubs with
> a switch.  As far as the Linux web server handling the traffic, I've
> run 5mbps through a 486DX2/66 with no problems.

thanks

>
>
> George
>
> "David P. Schwartz" wrote:
> >
> > I'm curious what trade-offs might exist between a couple of different ways of hooking up a
> > web server and a LAN:
> >
> > 675 modem -> [web NIC -> web server -> LAN NIC] -> LAN hub ==>> multiple workstations
> >
> > -- vs --
> >
> > 675 modem -> LAN hub1 + -> web server
> >                       + -> DL-701 -> LAN hub2 ==>> multiple workstations
> >
> > The DL-701 is from D-Link; it's a little gateway/router/firewall that has DHCP support
> > built-in.  It sits between the cable/xDSL modem and the LAN hub.
> >
> > Aside from saving a NIC in the server box (whoopee), I'm wondering if there are any
> > configuration and/or performance issues that arise by having the web server handle the
> > internal LAN routing vs. letting the DL-701 handle this.
> >
> > (In the second configuration, the first LAN hub can be 10-BaseT, while the second can be
> > 100-BaseT.)
> >
> > -David
> >
>