Multi-homed vs. one NIC with 2 ip addresses

butler

MIS
Oct 12, 1998
88
US
Hi all,

I am setting up a proxy/firewall server on NT4, and I am wondering what the differences/disadvantages (other than performance) there are to using one NIC with two IP addresses (different subnets) assigned vs. two NICs with IP routing disabled. You hear/read a lot about multi-homed NT but I can't find anything regarding security on the multi IP address setup. Functionally, both work fine.

The server will only be used for proxy/firewall and nothing else. The NT server will be visible from the internet. Performance is of some concern but not an issue. I am mainly concerned with security.

Any thoughts??

Thanks in advance!
bill
 
Some thoughts, yes!

If you have a single NIC it has to be used to connect to your router. Now how are you going to connect the server to the network?

ALWAYS use (at least) two NICs for doing this sort of thing. One (and it can be a slow one) goes to your router with a live internet IP address, the other one is used with your internal private IP address range. Enable IP forwarding and only use TCP/IP if you can.

If you are mainly concerned with security I would suggest not using Proxy server!!!
 
Amen to Zelabdakh's post! If you are to have ANY security there have to be separate NICs. For some solid security on an NT box, I have used a firewall from Elron that runs on an NT workstation with dual or triple NICs. The licensing is a bit pricey, but it is a very solid product.

Fred Wagner
frwagne@ci.long-beach.ca.us
 
Got to add my agreement.

The added security of a route up to another card is the bare minimum you need.

Foolish to do otherwise.

Paul O'Connor
damhna@hotmail.com
 