Firewall - Proper setup for servers with public AND private IPs
Posted on 2008-11-12
I have several servers that do filesharing / webserving on my private network AND do webserving on the internet with public IPs. I can think of several ways to do this, but I want to know the proper / best way as far as security. This is a from-scratch retool of my network so pretty much anything goes as long as it uses my current hardware.
Hardware is a Cisco 2600 router running VLANs to an HP switch. One VLAN is the private network doing NAT and one is my public subnet.
I would like to be able to access the webservers from inside and out using the same DNS names.
1) Put two network cards in the servers so they can have IPs on BOTH networks. The ACLs of my firewall could control security pretty easy.
2) Put the servers in the private network and do port forwarding or statically map the public IPs to the private IPs.
3) Setup the servers with just public IPs and configure things so the local filesharing works, but block filesharing on the internet side.
I'm interested in the quick pros and cons of each setup.