Firewall Wizards mailing list archives
Re: Internet accessible screened subnet - use public or private IPs?
From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 21 Jul 2005 13:56:17 -0400 (EDT)
On Fri, 15 Jul 2005, Matt Bazan wrote:
Is there a preferred method of setting up a Internet facing screened subnet and the use of public or private IP addresses? Looking at redesinging our DMZ to only include public resources (www, smtp, imap, ftp). Presently we use a private IP address range for this that is NAT'ed at our firewall. Any reasons to change this policy to using public IPs in the DMZ? Thanks,
If you're NATing to your internal network, then a rework is necessary- public stuff should be on its own (preferably) physical subnet. IP addressing doesn't matter much, since you'll be letting stuff through the most likely exploit vectors anyway. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Internet accessible screened subnet - use public or private IPs? Matt Bazan (Jul 21)
- Re: Internet accessible screened subnet - use public or private IPs? Paul D. Robertson (Jul 21)
- Re: Internet accessible screened subnet - use public orprivate IPs? David Lang (Jul 21)
- Re: Internet accessible screened subnet - use public orprivate IPs? Dave Piscitello (Jul 22)
- Re: Internet accessible screened subnet - use public orprivate IPs? David Lang (Jul 22)
- Re: Internet accessible screened subnet - use public orprivate IPs? Victor Williams (Jul 25)
- Re: Internet accessible screened subnet - use public orprivateIPs? David Lang (Jul 25)
- Re: Internet accessible screened subnet - use public orprivateIPs? Victor Williams (Jul 25)
- RE: Internet accessible screened subnet - use public orprivateIPs? lordchariot (Jul 25)
- RE: Internet accessible screened subnet - use public orprivateIPs? Marcus J. Ranum (Jul 26)
- RE: Internet accessible screened subnet - use public orprivateIPs? R. DuFresne (Jul 27)
- RE: Internet accessible screened subnet - use public orprivateIPs? Luis Bruno (Jul 30)
- Re: Internet accessible screened subnet - use public orprivate IPs? David Lang (Jul 21)
- Re: Internet accessible screened subnet - use public or private IPs? Paul D. Robertson (Jul 21)