Steffen Weiberle wrote:
That helps. So you are trying to do the following?:
nic1 (10.0.0.2), vnic1 (10.0.0.3), vnic2 (10.0.0.4),
| vnic3 (10.0.0.5)
host1 host2 host3 host(n)
(all on 192.168.0.0/24)
where dns, mail, and webserver would be using vnic?
yes, exactly what I was thinking. My research indicates that moving each
service into its own zone could enhance overall system security.
If so, I take it their default router is 10.0.0.1.
Getting to/from them from 192.168.0.0/24 may be tricky, as they are
really only outbound facing, and I doubt your firewall knows to send
things back to 10.0.0.2 if the destination is 192.168.0.0.
I'm not sure if I understand what you mean by this...
Because each zone only knows about it's own subnet it may not be able to
find the other subnet???
I gotta think about this is this is what you are really doing--not sure
that using zones vs. discrete systems on the 10.0.0.0 subnet would
really behave differently (the nice thing about exclusive IP instances
is that it really is very close to separate hardware at that level).
I would rather not have to add separate systems but instead spend the
money on a duplicate system and another Internet feed. I could then set
up some kind of fail over or load balancing system.
Shared IP Instances might introduce other routing issues, but they may
not apply here.
Your comments are much appreciated
Robert W Hartzell
bear at rwhartzell.net
zones-discuss mailing list