MySQL and DMZ's

[Francisco Mário Ferreira Custódio <fcustodio () eda pt>]

Hi!

I have 2 lines of firewall, the first one connects the Internet router, the
external DMZ and connects to the second line firewall. The 2nd line
firewall, connects to an internal DMZ and our LAN:

|Router|------|1st LINE FW|-------|2nd LINE FW|------------(LAN)
                   |                   |
                   |                   |
                   |                   | 
            (External DMZ)        (Internal DMZ)

The webserver is on the External DMZ and I need this server to get
information from a MySQL server on the LAN. In the LAN I have a server who
houses our Intranet sites. My idea is when an information is entered on the
internal MySQL I have this same information on the website. 

Should I install two MySQL servers (on the external DMZ and on the LAN)?
Should I install only the internal one (doesn't look safe to me)?

The most correct scenario to me, is to install 2 servers and replicate
information from the internal MySQL to the one housed on the DMZ. To
accomplish this I only need to open the correct ports on my firewalls. 

Anyone has a better and more secure way to do it? 

Thank you in advance!!!

Francisco Custódio.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.htm
----------------------------------------------------------------------------