[TriLUG] [OT] using public IP addresses or private addresses for the DMZ
Chris Bullock
cgbullock at yahoo.com
Fri Jul 8 16:01:17 EDT 2011
I spent the day meeting with a security consultant regarding our current
network. They kindly reprimanded me for the way I have my DMZ vs what he called
best practices. I shouldn't be questioning their opinions since I am probably
going to pay them to redo my work but I have the following question regarding
DMZ placement. I would like the opinion to see what a majority of the people
think and why. Here are the 2 options.
I have some public IP addresses provided by my ISPs. I have lets say 6 servers
I need on my DMZ.
Do I:
1. Give the servers Public IP addresses and create a DMZ interface on my
firewall
or
2. put the public IP addresses on my external interface, and put the servers in
private IP space in a DMZ, off of a DMZ interface on the firewall.
Chris
More information about the TriLUG
mailing list