advice wanted on structuring LAN + internet
The Wolf
codewolf@earthlink.net
Fri, 29 Dec 2000 10:32:21 -0700
On Monday 25 December 2000 17:22, you wrote:
> I'm curious what trade-offs might exist between a couple of different ways
> of hooking up a web server and a LAN:
>
> 675 modem -> [web NIC -> web server -> LAN NIC] -> LAN hub ==>> multiple
> workstations
>
> -- vs --
>
> 675 modem -> LAN hub1 + -> web server
>                       + -> DL-701 -> LAN hub2 ==>> multiple workstations
There are a couple of problems with both setups.
Setup 1.
Since you are using the web server as your firewall, you are going to
have heavy hits on your firewall. Web servers are the first
line of attack for most. If your server is compromised, your
firewall is useless and your workstation will be the next target.
In the second setup you have the same problem: the web server is just sitting
out there.
The best solution would be to put a firewall box in front of everything:
Internet -> [Internet NIC - Firewall/Router - LAN NIC] - Hub - your LAN
                                            - web server NIC] - Web server
Your firewall would redirect port 80 and possibly other necessary ports to
your web server. Nothing would be forwarded to your LAN. Your LAN requests
are forwarded to the internet and web server.
Nothing is sent from the web server out unless requested (a stateful firewall
does that).
This way you separate the LAN and web server (DMZ).
--
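
The three-legged policy described in the reply above, modelled as a small stateful packet filter. This is an added example, not part of the original message; the addresses, the port table and the Firewall class are constructed assumptions used only to show which flows the policy accepts.

```python
# Added example: a model of the firewall policy in the reply (not the author's code).
# All addresses and names below are constructed for illustration.
PUBLIC = "203.0.113.1"              # firewall's internet-facing address
WEB = "192.168.2.10"                # web server on its own firewall leg (DMZ)
REDIRECT = {("tcp", 80): WEB}       # published ports redirected to the web server

def zone(ip):
    """Map an address to the firewall leg it sits behind."""
    if ip.startswith("192.168.1."):
        return "lan"
    if ip.startswith("192.168.2."):
        return "dmz"
    return "wan"

class Firewall:
    def __init__(self):
        self.flows = set()          # connection-tracking table of accepted flows

    def handle(self, src, sport, dst, dport, proto="tcp"):
        """Return 'ACCEPT' or 'DROP' for one packet, updating flow state."""
        redirected = False
        if zone(src) == "wan" and dst == PUBLIC:
            dst = REDIRECT.get((proto, dport))
            if dst is None:
                return "DROP"       # port is not published
            redirected = True       # port 80 is rewritten to the web server
        fwd = (src, sport, dst, dport, proto)
        rev = (dst, dport, src, sport, proto)
        if fwd in self.flows or rev in self.flows:
            return "ACCEPT"         # packet belongs to a flow accepted earlier
        # New flows: published ports from the internet, or anything from the LAN.
        if redirected or (zone(src) == "lan" and zone(dst) in ("wan", "dmz")):
            self.flows.add(fwd)
            return "ACCEPT"
        return "DROP"               # nothing new may start toward the LAN or from the DMZ

if __name__ == "__main__":
    fw = Firewall()
    client, pc = "198.51.100.7", "192.168.1.5"
    print("internet -> web :80  ", fw.handle(client, 40000, PUBLIC, 80))
    print("web reply to client  ", fw.handle(WEB, 80, client, 40000))
    print("internet -> LAN      ", fw.handle(client, 40001, pc, 445))
    print("web server -> LAN    ", fw.handle(WEB, 50000, pc, 445))
    print("web server -> outside", fw.handle(WEB, 50001, client, 443))
    print("LAN -> web server    ", fw.handle(pc, 51000, WEB, 80))
```

The two web-server-initiated packets are dropped, which is what keeps a compromised web server from reaching the workstations in this layout.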