Since when do you operate multiple gateways with a single collision domain?
Do you want *total* route confusion??  
DP

> -----Original Message-----
> From: Ryan Russell [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, February 19, 1999 1:27 PM
> To:   Chris Chen
> Cc:   [EMAIL PROTECTED]
> Subject:      Re: do I HAVE TO put my DMZ net and Internet in separate net
> segments
> 
> 
> You don't say what kind of firewall you have, but
> in general, no you don't have to have them on
> separate broadcast domains.  You do open
> another possible avenue of attack for your
> DMZ machines, though.
> 
> If address space is the concern, in similar situations
> I've done address translation or reverse proxy to
> get the requests onto my DMZ net from the "outside" address
> space.
> 
>                     Ryan
> 
> dear netters:
> 
> If I have a 3-legs FW machines configured ( 3 NICs, connecting to
> Internet,
> DMZ net and intranet, respectively), do I have to put NIC-to-Internet and
> NIC-to-DMZ in separate network segments ?
> 
> In detail, for instance I only have one public IP class like
> 207.46.130.0/24 ( I am stealing MS's IP as example here :-) ),
> can I do it like
> 
>      -- 204.46.130.1 /255.255.255.0  for my FW's Internet NIC
>      -- 204.46.130.10 /255.255.255.0  for my FW's DMZ NIC
>       * 204.46.130.12 /255.255.255.0  for my web svr in DMZ
>       * 204.46.130.22 /255.255.255.0  for my ftp svr in DMZ
> 
> Since I already have FW software to check the traffic, do I have
> to partition my network for Internet and for DMZ using subnet
> mask ?
> 
> Thanks,
> --Chris
> 
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
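The addressing plan from the question, checked for the problem the replies describe. This is an added example, not part of the original messages; the interface labels `fw-internet` and `fw-dmz` and the function names are hypothetical. It shows that both firewall NICs claim the same connected network, and that the posted host addresses cannot be separated by a subnet mask alone without renumbering.

```python
import ipaddress

# Addressing plan as posted in the question (hypothetical interface labels).
POSTED_PLAN = {
    "fw-internet": "204.46.130.1/255.255.255.0",
    "fw-dmz": "204.46.130.10/255.255.255.0",
}
# Addresses the post places on the DMZ segment (DMZ NIC, web server, ftp server).
DMZ_HOSTS = ["204.46.130.10", "204.46.130.12", "204.46.130.22"]
INTERNET_ADDR = "204.46.130.1"


def overlapping_interfaces(plan):
    """Return pairs of interfaces whose directly connected networks overlap."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def smallest_common_subnet(addresses):
    """Smallest single aligned subnet that contains every given address."""
    addrs = [ipaddress.ip_address(a) for a in addresses]
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while not all(a in net for a in addrs):
        net = net.supernet()  # widen the prefix by one bit
    return net


def can_split_without_renumbering(dmz_hosts, outside_addr):
    """True if the DMZ fits in one subnet that excludes the outside address."""
    dmz_net = smallest_common_subnet(dmz_hosts)
    return ipaddress.ip_address(outside_addr) not in dmz_net


if __name__ == "__main__":
    print("overlapping NICs:", overlapping_interfaces(POSTED_PLAN))
    print("DMZ needs at least:", smallest_common_subnet(DMZ_HOSTS))
    print("mask-only split possible:",
          can_split_without_renumbering(DMZ_HOSTS, INTERNET_ADDR))
```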