My money is on the fact that Minh probably has only 1 public IP. In which case it's going to have to be a port forward that delivers the inbound traffic to internal servers. In which case extra firewalls are a pointless waste. Even the concept of a DMZ doesn't really help when you are just doing port forwards... (correct me if I'm wrong)

dave

----- Original Message -----
From: "Kevin Saenz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>

> > It's excessively complex?
> >
> > Additional firewalls don't necessarily improve security - a single
> > firewall, properly configured, will do everything you need - sticking in
> > extras is a waste.
> The 2 switches are ok especially if you want to separate your internet
> servers and your lan environment. I see no problem with that, given
> on your lan you want trusted server. Any server that has direct
> connection to the internet in most schools of thought is not a trusted
> server. That is why you have a De-Militarised Zone, to ensure if someone
> owns your mail or web server they can't really own the rest of your LAN.

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
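
The two setups discussed in this thread, a single public IP with port forwards and a DMZ segment kept apart from the LAN, can be combined on one three-interface firewall. The following is an added example, not a configuration posted by anyone in the thread; the interface names, the DMZ host address, the forwarded ports and the SSH-from-LAN admin rule are all assumptions.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a three-legged firewall.
# Usage: dmz_ruleset WAN_IF LAN_IF DMZ_IF DMZ_HOST "PORT ..." | iptables-restore
# All argument values are assumptions chosen by the caller.

dmz_ruleset() {
    wan=$1 lan=$2 dmz=$3 host=$4 ports=$5

    # Refuse anything that is not a plain port number before it reaches a rule.
    for p in $ports; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
    done

    # nat: one public IP, so every published service is a port forward (DNAT)
    # and it lands on the DMZ host, never on a LAN machine.
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    for p in $ports; do
        printf '%s\n' "-A PREROUTING -i $wan -p tcp --dport $p -j DNAT --to-destination $host"
    done
    printf '%s\n' "-A POSTROUTING -o $wan -j MASQUERADE" 'COMMIT'

    # filter: default deny; each permitted direction is listed explicitly.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT"
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $ports; do
        printf '%s\n' "-A FORWARD -i $wan -o $dmz -p tcp -d $host --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "-A FORWARD -i $lan -o $wan -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $lan -o $dmz -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $dmz -o $wan -j ACCEPT"

    # The separation itself: a DMZ server may answer connections it was sent,
    # but may not open new ones into the LAN. Logged so the attempt is visible.
    printf '%s\n' "-A FORWARD -i $dmz -o $lan -j LOG --log-prefix \"DMZ-to-LAN: \""
    printf '%s\n' "-A FORWARD -i $dmz -o $lan -j DROP"
    printf '%s\n' 'COMMIT'
}
```

If the forwards pointed at a host on the LAN segment instead, traffic from that host to its neighbours would be switched locally and never pass through the FORWARD chain, so none of these rules would apply to it.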
