On Wed, 25 Aug 2004 09:52:39 -0400, James W. McKeand <james at mckeand dot biz> wrote:
> In my opinion, you should physically separate your LAN from your DMZ - two
> switches and two NICs. With that said, Dual homing your servers (two IPs on
> one NIC) is generally not a good idea. Having your servers straddle your DMZ
> (two NIC connected to two switches) is also not a good idea. I think you are
> opening yourself to security problems if you do not pay attention to detail
> when it comes to securing the servers.
>
> I think I remember having read posts about connecting the LAN and DMZ to the same
> physical media (same switch/hub) and getting similar behavior. Did you search
> the list archive?
>
Not addressing the question at hand, but dual homing all your hosts on
your DMZ and LAN, whether it's 2 NICs or two IPs on one NIC, negates
one of the main purposes of having a DMZ in the first place -
protecting your LAN if a publicly accessible host gets compromised.
I wouldn't recommend doing that under most any circumstance. 2 NICs
is better than two IPs on one NIC, but not by a whole lot.
-Chris
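One way to audit an inventory for the hosts the thread warns about, as an added example that is not part of this thread: a Python check that flags any host carrying addresses in both the DMZ and LAN ranges, and distinguishes two NICs (straddling) from two IPs on one NIC. The subnets, host names and address lines are constructed; the line format assumed is the one `ip -4 -o addr` prints.

```python
import ipaddress
import re

# Constructed sample inventory: per host, the address lines a practitioner
# might gather with "ip -4 -o addr" (assumed format, abbreviated).
INVENTORY = {
    "web1": ["2: eth0 inet 203.0.113.10/24 scope global eth0",
             "3: eth1 inet 192.168.1.10/24 scope global eth1"],            # two NICs
    "web2": ["2: eth0 inet 203.0.113.11/24 scope global eth0",
             "2: eth0 inet 192.168.1.11/24 scope global secondary eth0"],  # two IPs, one NIC
    "web3": ["2: eth0 inet 203.0.113.12/24 scope global eth0"],            # DMZ only
    "fs1":  ["2: eth0 inet 192.168.1.20/24 scope global eth0"],            # LAN only
}

# Constructed subnet assignments for the two security zones.
DMZ = ipaddress.ip_network("203.0.113.0/24")
LAN = ipaddress.ip_network("192.168.1.0/24")

ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+)/\d+")

def parse_addrs(lines):
    """Return (interface, IPv4Address) pairs from 'ip -4 -o addr' style lines."""
    found = []
    for line in lines:
        m = ADDR_RE.match(line)
        if m:
            found.append((m.group(1), ipaddress.ip_address(m.group(2))))
    return found

def classify(host_lines):
    """Classify one host by which zones its interfaces touch.

    'straddling': DMZ and LAN addresses on different NICs
    'dual-ip':    DMZ and LAN addresses on the same NIC(s)
    'dmz' / 'lan': only one zone; 'other': no address in either zone
    """
    addrs = parse_addrs(host_lines)
    dmz_ifs = {iface for iface, addr in addrs if addr in DMZ}
    lan_ifs = {iface for iface, addr in addrs if addr in LAN}
    if dmz_ifs and lan_ifs:
        return "dual-ip" if dmz_ifs == lan_ifs else "straddling"
    if dmz_ifs:
        return "dmz"
    if lan_ifs:
        return "lan"
    return "other"

def audit(inventory):
    """Map each host name to its zone classification; anything not 'dmz'/'lan' needs review."""
    return {host: classify(lines) for host, lines in inventory.items()}
```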