Hi All, I have a couple of questions with regards to what machines in our DMZ should be visible to the world. I have a linux bastion host set up to proxy all connections TO our site and FROM our site, apart from web access. We have a MS Win NT machine running IIS 4 serving our web sites. Both machines are secured reasonably well (can't ever say perfectly now can I !) Any outside user should now only ever see two public faces ! Is this ok, or should I hide the winnt web server behind the firewall as well ? I need to share access to the web server's database with our internal lan users (windows 95/98/nt clients), who are separated from the web server by another linux machine acting as a masquerading router. The database is ms access, and the only way I can allow remote access (that I know of) is to use netbios shares. If I open up a hole in our internal router to allow access to the web server share, is this safer than putting the database on the internal lan and opening up the hole the other way ? Do I have any other options, as internal clients must see the data that runs live on the web server ! Thanks in advance, Greg. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
