 From:  Don Munyak <don dot munyak at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Fwd: [m0n0wall] Monowall to MonoWall
 Date:  Fri, 23 Sep 2005 22:41:06 -0400
---------- Forwarded message ----------
From: Mark Wass <mark dot wass at market dash analyst dot com>

>> So like this Chris, is this correct?

Yes. It could also be more than just three. Depends on your needs. I
think I read where somewhere on this list, someone posted using 6 or 8
interfaces.

>> And the IP of the LAN interface on MonoWall1 is 192.68.1.1 /24

Yes

>> Will I still be able to access the servers in the DMZ from the Private LAN?

Yes and No. The No answer is listed in the documentation and has been
asked a hundred times. I don't remember off-hand the reason, except
no. However, if you run your own internal secondary DNS, then Yes.
While our servers are public to the internet, I have 1:1 NAT set up to
each server on DMZ. For LAN clients needing to get to DMZ or LAN
servers, I added a Host name in the internal DNS.

>> Will I still be able to NAT to servers in the Private LAN from the
>> Internet?

Yes.

>> Will I still be able to NAT to servers in the DMZ from the Internet?

Yes.

>> Does having 2 MonoWalls setup like in my first picture make anything
>> any more secure? Personally I think it makes things more complex than
>> need be.

Layers always add security. But from what I have read, whether you had
11 or 10 inline firewalls, a hack coming in on port 80 will always get
in. It's just as important to make sure the server is secure...in a
"very" small nutshell.

- Don