We have a class C license for strictly hosting webservers. I need to separate the servers into multiple networks for security reasons. All else being equal, is it better to:
######
A) Subnet the class C so the webservers stay on public IPs
internet
|
|
router--1.1.1.0/28---firewall---1.1.1.128/26---webservers
|
1.1.1.0/28
|
firewall
|
1.1.1.64/26
|
webservers
####
or
######
B) Keep one public class C (/24), and use different private subnets behind each firewall, using DNAT for the web servers.
internet
|
|
router---1.1.1.0/24---firewall---10.0.1.0/24---webservers
|
1.1.1.0/24
|
firewall
|
10.0.2.0/24
|
webservers
######
Secondly, is it better to use proxy ARP or assign IP addresses to the firewall for DNAT?
Thanks