[TriLUG] [OT] using public IP addresses or private addresses for the DMZ

Chris Bullock cgbullock at yahoo.com
Fri Jul 8 16:01:17 EDT 2011


I spent the day meeting with a security consultant regarding our current 
network.  They kindly reprimanded me for the way I have my DMZ vs what he called 
best practices.  I shouldn't be questioning their opinions since I am probably 
going to pay them to redo my work but I have the following question regarding 
DMZ placement.  I would like the opinion to see what a majority of the people 
think and why.  Here are the 2 options.

I have some public IP addresses provided by my ISPs.  I have lets say 6 servers 
I need on my DMZ.
Do I:
1.  Give the servers Public IP addresses and create a DMZ interface on my 
firewall
or
2.  put the public IP addresses on my external interface, and put the servers in 
private IP space in a DMZ, off of a DMZ interface on the firewall.

Chris




More information about the TriLUG mailing list