Firewall Wizards mailing list archives

Re: Internet accessible screened subnet - use public or private IPs?


From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 21 Jul 2005 13:56:17 -0400 (EDT)

On Fri, 15 Jul 2005, Matt Bazan wrote:

Is there a preferred method of setting up an Internet facing screened
subnet and the use of public or private IP addresses?  Looking at
redesigning our DMZ to only include public resources (www, smtp, imap,
ftp).  Presently we use a private IP address range for this that is
NAT'ed at our firewall.  Any reasons to change this policy to using
public IPs in the DMZ?  Thanks,

If you're NATing to your internal network, then a rework is necessary- 
public stuff should be on its own (preferably) physical subnet.

IP addressing doesn't matter much, since you'll be letting stuff through 
the most likely exploit vectors anyway.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

