Since the first time routers were connected together via Ethernet...
What's the problem with having multiple gateways and/or
multiple address spaces on the same broadcast or collision domains?
Ryan
To: Ryan Russell/SYBASE, Chris Chen <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: RE: do I HAVE TO put my DMZ net and Internet in seperate net segm
ents
Since when do you operate multiple gateways with a single collision domain?
Do you want *total* route confusion??
DP
> -----Original Message-----
> From: Ryan Russell [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, February 19, 1999 1:27 PM
> To: Chris Chen
> Cc: [EMAIL PROTECTED]
> Subject: Re: do I HAVE TO put my DMZ net and Internet in seperate net
> segments
>
>
> You don't say what kind of firewall you have, but
> in general, no you don't have to have them on
> separate broadcast domains. You do open
> another possible avenue of attack for your
> DMZ machines, though.
>
> If address space is the concern, in similar situations
> I've done address translation or reverse proxy to
> get the requests onto my DMZ net from the "outside" address
> space.
>
> Ryan
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
