Hi all
I have one gateway and several boxes serving some NFS, Samba and other stuff.
Then I have a public server for some gaming.
I am thinking about two different setups, but I am in serious doubt as to
whether one actually has any real benefit over the other.
The public server gets its own NIC on the firewall, whereas the other boxes
share another NIC (through a switch) for local stuff.
My worry is if the public server gets hacked.
Is it better to physically segment the network using two different boxes as
routers/firewalls, or is it better to simply use one router/firewall with 3
NICs?

Setup 1:

Gateway --> firewall --> NIC1 --> public server
                     |
                     --> NIC2 --> LAN

Setup 2:

Gateway --> firewall1 --> public server
        |
        --> firewall2 --> LAN

I am wondering about which of the two situations is "most secure".
Maybe it really depends on how the firewall is set up, but what I want to avoid
is that, if the public server gets hacked, the attacker can gain access to
stuff on the LAN.
Any comments on these different setups?
Of course the ideal would probably be to get two separate Internet connections,
but that's really not an option in this case.
Kind regards.