advice wanted on structuring LAN + internet

George Toft george@georgetoft.com
Tue, 26 Dec 2000 08:09:14 -0700


First method requires:
- one IP addr;
- You to maintain firewall;

Second method requires:
- two IP addr from ISP ($$$);
- You to trust D-Link to write good firewall rules.

From a security standpoint, method two is better as the web server will
be under attack (guaranteed), yet your LAN will have a lower profile, 
hence lower risk to intrusion.

If you are worried about network performance, replace the LAN hubs with
a switch.  As far as the Linux web server handling the traffic, I've
run 5mbps through a 486DX2/66 with no problems.

George



"David P. Schwartz" wrote:
> 
> I'm curious what trade-offs might exist between a couple of different ways of hooking up a
> web server and a LAN:
> 
> 675 modem -> [web NIC -> web server -> LAN NIC] -> LAN hub ==>> multiple workstations
> 
> -- vs --
> 
> 675 modem -> LAN hub1 + -> web server
>                       + -> DL-701 -> LAN hub2 ==>> multiple workstations
> 
> The DL-701 is from D-Link; it's a little gateway/router/firewall that has DHCP support
> built-in.  It sits between the cable/xDSL modem and the LAN hub.
> 
> Aside from saving a NIC in the server box (whoopee), I'm wondering if there are any
> configuration and/or performance issues that arise by having the web server handle the
> internal LAN routing vs. letting the DL-701 handle this.
> 
> (In the second configuration, the first LAN hub can be 10-BaseT, while the second can be
> 100-BaseT.)
> 
> -David
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss