----- Original Message ----- 
From: "Alexandre" <[EMAIL PROTECTED]>
To: "Firewalls" <[EMAIL PROTECTED]>
Sent: Monday, October 30, 2000 11:50 AM
Subject: DMZ


> I'm creating a DMZ with screened subnet architecture. That's my doubt:
> 
>     - Who should have to do masquerading ? The internal or external router?
>     - Who should have to do proxy? The internal or external router?
> 
> To do this I have a Linux box and a Cisco Router. Who should be the external
> router ? Why ?

It depends:

From a practical point of view:

How many official IP adr. do you have? 

If only one then do masquerading/NAT on the external router of'coz.
If you have enough for your servers on the DMZ then do it on the internal router (to
reduce the load).

How powerful is the Linux router? And how powerful is the Cisco?
Put the most powerful (i.e. the router that can handle the most traffic) as the 
external router.

Proxy?
You could do proxying on the Linux box (in which case you don't need masquerading/NAT).
If you decide to do proxying instead of NAT/masquerading use this "router" (it's not a
router anymore) as the internal "router".

HTH,
Per 

--
Per Gustav Ousdal <[EMAIL PROTECTED]>
SirCon DA, Postbox 12, 4440 Tonstad, Norway
Tlf: +47 38371111 Fax: +47 38371119
http://www.sircon.no
