Re: [m0n0wall] Embedded PC: 2 vs 3 Ethernet Ports

From:	Chris Buechler <cbuechler at gmail dot com>
To:	m0n0wall at adrianocastro dot net
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Embedded PC: 2 vs 3 Ethernet Ports
Date:	Fri, 29 Oct 2004 02:24:34 -0400

On Fri, 29 Oct 2004 07:07:35 +0100, Adriano Castro
<m0n0wall at adrianocastro dot net> wrote:
> 
>      In the meantime, I've been reading about the latter ones and don't
> fully understand the need or use of a 3rd Ethernet port (as in Soekris'
> net4501-30 model). 2 ports make sense to me: WAN + LAN. I believe the
> 3rd port is commonly used for DMZ, correct?
> 

Yes.

>      If this is the case it kind of confuses me because I'm used to
> having DMZs set-up virtually.
> 

Virtually?  I do a whole lot of corporate security consulting and I've
yet to see an appropriate DMZ that wasn't a 3rd interface (if not a
4th, 5th, 6th, ... as well).  You could use a VLAN, but that's really
not a good idea (far easier to screw up).

Maybe if you explain what you mean by "virtually" we can figure out
where your confusion lies.

-Chris