Would somebody point me to references or outline here the pros and cons of the various ways of assigning IP address(es) to an access router (Cisco 2600) and firewall (Watchguard Firebox 1000). I'm planning to connect our internal network to the Internet, providing DNS and SMTP services and allowing client HTTP, HTTPS and FTP. Should I use a public IP address on the Internet side of the router, with RFC 1918 private addresses on the subnet between the router and firewall and NAT at the firewall to a different RFC 1918 private address subnet on the internal network and a third private subnet on the DMZ using port forwarding? Or should I use public IP addresses on both sides of the router and on the exterior interface of the firewall with NAT and port forwarding at the firewall for the internal network and DMZ? Or, if the ISP allows it, should I set up the router without assigning IP addresses to its interfaces, using the public IP address on the exterior interface of the firewall and using NAT and port forwarding at the firewall for the internal network and DMZ? Or should I use a public IP address on the exterior interface of the router and set up the firewall in a "drop-in" configuration, keeping all of its interfaces on the same subnet (which Watchguard recommends but which Zwicky et. al. don't particularly like)? Or something else? -- Robert Bell IT Director Hunterdon County Democrat newspapers _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
