Alexandre,

Are you sure about the proxy thing, and do you know what a proxy
does? Because maybe you mean a firewall.

A Cisco router has the ability to act as a masquerading host
which is connected to the internet and the local LAN.

If you want to locally store websites for better web performance,
that's one thing a proxy does, instead of only translating
internet addresses to local LAN addresses, which is what a masquerading
host does. A Cisco router can't do this because it doesn't hold
a great amount of HD room for all this caching (or am I wrong?)

A proxy can also regulate the access to the internet for a special
group in your network (which you can specify on an NT domain
controller machine, for example). I don't know if a Cisco router
has this ability; a Linux box can. Like separation in who is able to
FTP, WWW, ICQ, etc.

If your network is a very large one, then masquerade from a very
fast machine which has its connection onto the internet and the
local LAN. Maybe you have to cluster them for single point of failure.

For some security reasons I would let a proxy or firewall do the
masquerading instead of the external router, because this also does the
routing for the DMZ. A masquerading host (proxy or firewall left behind)
doesn't do that, because when you create a DMZ you generally don't translate
the IP addresses (internet to local addresses or the other way around).
Especially if you have more hosts in your DMZ.

From an overview point your network could look like this:

INTERNET --{external router}-- DMZ --{masquerading host, firewall preferred}-- LAN

If your external router has more than 2 interfaces you can let the
masquerading host do the translation of the local internet addresses to the
address of an external router interface which will route the packet onto
the internet.

A masquerading host, proxy or firewall, can view and drop IP packets higher
in the OSI model than a regular Cisco router.

None of this traffic (if the router is configured correctly) will go
through the DMZ.

As you can see this can be a complex environment and it all depends on
various things (amount of internet IP addresses, design of the DMZ, amount
of clients, etc.)

This is a question that is very difficult to answer. In a small network the
external router can also be the proxy and the firewall (who knows,
everything is possible nowadays).

And a question from my side.. Why do you need a DMZ???

Greets,

/Brenno







> -----Original Message-----
> From: Alexandre [SMTP:[EMAIL PROTECTED]]
> Sent: dinsdag 31 oktober 2000 16:21
> To:   Firewalls
> Subject:      DMZ 
> 
> I'm looking for more opinions, I'm creating a DMZ with screened subnet
> architecture. That's my doubt:
> 
>     - Who should have to do masquerading? The internal or external router?
>     - Who should have to do proxy? The internal or external router?
> 
> To do this I have a Linux box and a Cisco Router. Who should be the
> external router? Why?
> 
> ThankZ.
> 
> 
> Alexandre de Oliveira
> 
> 
> 
> 
> -------------------------------------------------
> Alexandre de Oliveira
> eCommerce Internet & Intranet Concepts
> Fone: 5853-2131 / Fax: 5853-2164
> 
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
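
The layout sketched in the reply above (INTERNET, external router, DMZ, masquerading firewall, LAN), as an added example that is not part of the original thread: a script that generates an iptables ruleset for the internal Linux firewall, translating only LAN sources and leaving DMZ addresses untouched. The interface names, the LAN range and the use of iptables are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed values (assumptions, not taken from the thread):
LAN_IF=eth1               # firewall interface facing the LAN
DMZ_IF=eth0               # firewall interface facing the DMZ / external router
LAN_NET=192.168.10.0/24   # private LAN range

# Print an iptables-restore ruleset for the internal masquerading firewall.
# DMZ hosts keep their own routable addresses: their traffic goes straight
# to the external router and never matches a NAT rule here.
gen_rules() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# LAN clients leave with the firewall's DMZ-side address
-A POSTROUTING -s $LAN_NET -o $DMZ_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Drop packets arriving from the LAN side with a non-LAN source (spoofing)
-A FORWARD -i $LAN_IF ! -s $LAN_NET -j DROP
# Only connections initiated from the LAN are forwarded outward;
# anything initiated from the DMZ or beyond hits the DROP policy
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# List every source network that the generated ruleset translates.
translated_sources() {
    gen_rules | sed -n 's/^-A POSTROUTING -s \([^ ]*\) .*/\1/p'
}

# Print the ruleset; as root it can be validated without being applied
# by piping it into: iptables-restore --test
gen_rules
```
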