proxy arp or forwarding via iPtables for DMZ?
I am still wondering about the right way to arrange the webserver and dns with a linux firewall... Choice one seems to be: Iptables , DMZ, and LAN with three ethx cards on the firewal box. This is beginning to make a little sense... with multiple IP adresses. or...
Choice two: "By using Proxy ARP, you can set up your machines in a DMZ to separate them from your client machines. This is also the least invasive method to set up, since you can keep the same IP's on all of the servers as you had when things weren't firewalled."
The goal is a Linux firewall and... I have several External Static IP addresses to be used for webserver, dns and mail on a coupla RH8* boxes... a garden variety small ISP.
So which is better, choice one may? be not so transparent and not too EZ to set up and maintain and choice two still seems to leave the webserver very exposed.
I'm probably not grasping the "full" picutre here? a little light would be helpful.
thanks much,
the ~piratebiter~ hisself
|