[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "Monowall Mailing list" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Webserver on different subnet to LAN
 Date:  Fri, 6 Oct 2006 12:44:48 -0400 
On 10/6/06, Chris Alavoine <chris dot alavoine at imagination dot com> wrote:
> Thanks for that Chris.
>
> How about making my webserver dual-homed giving the second interface a
> LAN subnet IP?
>
> Security issues maybe?
>

Yep, I would never recommend dual homing anything between a DMZ-type
interface (which is what you have if your web server is on a different
network) and a trusted network.  If you're going to dual home it, you
might as well just keep it on your LAN subnet, otherwise you're
eliminating the purpose of putting it on a separate subnet.

-Chris