> Well, you are right that you don't want two NICs in the FTP server, but
> remember that you also don't need to pass anything from the FTP server into
> the LAN. Most good firewalls these days can handle the complexities of FTP
> connections well enough that they don't require statically assigned paths
> into protected networks for clients behind the firewall to be able to use
> FTP with a host outside of it.
>
> In short, you simply allow OUTBOUND connections (from your protected
> network to your FTP server in the DMZ) through your firewall, and
> this will enable you to use the resource while still not letting any new
> connections from the DMZ (including your FTP server) to your
> internal LAN.

This may also require the clients on the internal network to use passive
mode when communicating with the FTP server, but that's not a bad thing(tm).

j.

--
Jeremy L. Gaddis <[EMAIL PROTECTED]>
<http://www.gaddis.org>
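
The policy discussed in this thread, as an added example that is not part of the original messages: a toy model of a stateful firewall that permits new connections only from the LAN to the DMZ, showing why passive mode works under that rule and why active mode needs an FTP-aware firewall. The addresses, port numbers, class and function names are all assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed internal network
DMZ = ip_network("10.0.0.0/24")     # assumed DMZ holding the FTP server

class StatefulFirewall:
    """Toy policy: LAN may open connections to the DMZ, never the reverse."""

    def __init__(self, ftp_aware=False):
        self.ftp_aware = ftp_aware
        self.expected = set()  # data connections announced on a control channel

    def saw_port_command(self, client, server, client_port):
        # An FTP-aware firewall reads PORT on the permitted control channel
        # and expects one server-to-client data connection to that port.
        if self.ftp_aware:
            self.expected.add((server, client, client_port))

    def allows_new(self, src, dst, dport):
        if ip_address(src) in LAN and ip_address(dst) in DMZ:
            return True  # outbound from the protected network
        if (src, dst, dport) in self.expected:
            self.expected.remove((src, dst, dport))  # one-shot, like RELATED
            return True
        return False  # default deny, including unsolicited DMZ -> LAN

def ftp_transfer(fw, mode, client="192.168.1.10", server="10.0.0.21"):
    """Return True if both the control and the data connection get through."""
    if not fw.allows_new(client, server, 21):
        return False
    if mode == "passive":
        # Server names a listening port (50000 here); the client connects out.
        return fw.allows_new(client, server, 50000)
    # Active: client announces port 40000, server connects back to it.
    fw.saw_port_command(client, server, 40000)
    return fw.allows_new(server, client, 40000)

if __name__ == "__main__":
    for aware in (False, True):
        for mode in ("passive", "active"):
            ok = ftp_transfer(StatefulFirewall(aware), mode)
            print(f"ftp_aware={aware} mode={mode}: {'ok' if ok else 'blocked'}")
```

In passive mode both connections originate in the LAN, so the outbound-only rule is enough; in active mode the data connection is a new DMZ-to-LAN connection and passes only when the firewall has tracked the PORT command.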