Joe,

The purpose of a DMZ separate from the LAN is usually to protect the LAN from any dangers that could happen on the servers. If a server gets hacked, or gets a virus, that cannot move on to infect the LAN.

For convenience, it's always nice to have the servers on the same network as the workstations, because then you do not have to route between network segments every time a user requests data from a server. This, of course, depends on how many PCs will be accessing your servers.

For security, of course, you want the servers in the DMZ on a separate private network. So 192.168.1.X for the LAN and 192.168.Y.X for the DMZ servers.

Although we always try to make things as secure as possible, the reality is that in most small to medium sized businesses the servers live on the same subnet as the clients.

Regards,
Josh Simoneau

From: Joe Rodiguez Jr. [mailto:jrodriguezjr at gmail dot com]
Sent: Tuesday, October 04, 2005 11:41 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Design question using MONOWALL

Hi All,

Another question for the group. Again, I am using Monowall now as my primary firewall server and I have a question regarding design of the network for a client. Since I am going to use Monowall, I wanted to see what those who have experience with it had to say.

Here is the situation: I have a client that has been assigned a /28 subnet for public IPs. Their internal network will be a 192.168.1.X network; however, the question is where the best place to put their servers is: NATed on the same network or in the DMZ. In either case, all servers will have their own host firewall protection, but I wanted to know what makes the most sense.

Your guidance is greatly appreciated,
Joe R.
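Added example, not part of the original thread: a small audit of what a single DMZ server could reach on the 192.168.1.X LAN under a given DMZ-interface rule set, which is the containment property the reply describes. It assumes a simplified first-match, default-deny rule model (not m0n0wall's own configuration format); the DMZ subnet 192.168.2.0/24, the host 192.168.2.10, the probed ports and both rule sets are constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")      # LAN range from the thread
DMZ_HOST = ipaddress.ip_address("192.168.2.10")   # constructed: Y=2, one DMZ server

# Constructed rules on the DMZ interface: (action, src, dst, dst_port or None=any).
# Assumed model: evaluated top-down, first match wins, implicit deny at the end.
WEAK = [
    ("pass", "192.168.2.0/24", "192.168.1.10/32", 1433),  # DMZ app -> LAN database
    ("pass", "192.168.2.0/24", "0.0.0.0/0", None),        # "any" also covers the LAN
]
ISOLATED = [
    ("block", "192.168.2.0/24", "192.168.1.0/24", None),  # DMZ never initiates to LAN
    ("pass", "192.168.2.0/24", "0.0.0.0/0", None),        # everything else outbound
]

def first_match(rules, src, dst, port):
    """Return the action of the first rule matching this connection attempt."""
    for action, rsrc, rdst, rport in rules:
        if (src in ipaddress.ip_network(rsrc)
                and dst in ipaddress.ip_network(rdst)
                and rport in (None, port)):
            return action
    return "block"  # implicit default deny

def lan_exposure(rules, src=DMZ_HOST, ports=(445, 1433, 3389)):
    """Map each LAN address reachable from src to the probed ports let through."""
    reach = {}
    for dst in LAN.hosts():
        allowed = [p for p in ports if first_match(rules, src, dst, p) == "pass"]
        if allowed:
            reach[str(dst)] = allowed
    return reach

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("isolated", ISOLATED)):
        reach = lan_exposure(rules)
        print(f"{name}: {len(reach)} LAN addresses reachable from {DMZ_HOST}")
```

Because the first match wins, placing the broad pass rule above the block rule leaves the LAN as exposed as the weak set, so rule order is worth auditing along with rule content.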