Re: Need help w/ multi homed server
- From: "Someuser" <someuser@[127.0.0.1]>
- Date: Thu, 25 May 2006 21:11:06 GMT
Personally, I wouldn't use the type of setup you described at all; instead I
would set up the webserver with a single NIC on the DMZ. I would then set up
port forwarding on the router to forward SQL requests (port 1433 - assuming
it's a MS SQL server) from the webserver, and only the webserver, to the SQL
server.

The setup you are describing defeats the purpose of setting up a DMZ. Should
someone gain root access to the webserver or compromise it in some way, then
you have just opened the door wide open to your internal private network.
Imagine someone gains control of the webserver and installs a packet sniffer
on that machine; under certain circumstances, they will be able to map out
your network and read any unencrypted traffic.

I believe your setup would fail a security audit if you have confidential
data that you have a fiduciary responsibility to protect.

If the router you are using for your setup does not provide that level of
functionality, then I would look at investing in a commercial-grade router /
hardware firewall such as those offered by SonicWALL (www.sonicwall.com) or
setting up a quality software firewall such as the Check Point
(www.checkpoint.com) offerings.

James

"Sam" <Sam@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:22558417-6043-4F9F-9E10-DC4FD4C02647@xxxxxxxxxxxxxxxx

Hi,

I'm setting up a new web application server that hosts an ASP.NET
application we built that uses SQL Server as its backend.

We have two NICs in this machine that will be hosting this app. We have
three zones in the network, i.e. internal network, DMZ and Internet. I'd like
to set this server up as a multi-homed server and put one NIC in the internal
network and one in the DMZ. I'd like to use the internal NIC for SQL Server
access and use the NIC in the DMZ for accessing the application through IIS.

My question: is there anything special I need to do for this setup? I'll
assign a DMZ IP to the NIC in the DMZ and set up the web site that will be
hosting the ASP.NET app with that IP.

I'll then assign an internal IP to the NIC that's on the internal network.
Our SQL Server is on the internal network so the app server should
automatically connect to SQL Server through the NIC w/ internal IP.

However, because I've never set up a multi-homed server before, I want to
make sure I'm doing the right things here. Is there anything special I need
to do to make sure that connection to SQL Server will be through the NIC w/
internal IP?

--
Thanks,
Sam
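
The two layouts discussed in this thread, as an added example that is not part of the original posts: a Python check that flags any host with interfaces in both the DMZ and the internal network, and any DMZ-to-internal allow rule wider than the single webserver-to-SQL-Server port 1433 path James recommends. The addresses, host names and the rule tuple format are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed addressing plan; none of these values come from the thread.
ZONES = {"dmz": ipaddress.ip_network("192.0.2.0/24"),
         "internal": ipaddress.ip_network("10.0.0.0/24")}
WEB = ipaddress.ip_network("192.0.2.10/32")   # single-homed webserver in the DMZ
SQL = ipaddress.ip_network("10.0.0.20/32")    # SQL Server on the internal network
SQL_PORT = 1433

def zone_of(addr):
    """Name the zone an address belongs to; anything unlisted is 'internet'."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "internet")

def bridging_hosts(inventory):
    """Hosts with interfaces in both the DMZ and the internal network."""
    return {host: sorted({zone_of(a) for a in addrs})
            for host, addrs in inventory.items()
            if {"dmz", "internal"} <= {zone_of(a) for a in addrs}}

def broad_dmz_rules(rules):
    """Indexes of allow rules from the DMZ into the internal network that are
    wider than WEB -> SQL on SQL_PORT. Rule order is ignored on purpose, so a
    wide rule is reported even if an earlier rule would shadow it."""
    findings = []
    for i, (action, src, dst, port) in enumerate(rules):
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if action != "allow":
            continue
        if not (s.overlaps(ZONES["dmz"]) and d.overlaps(ZONES["internal"])):
            continue
        if (s, d, port) != (WEB, SQL, SQL_PORT):
            findings.append(i)
    return findings

# Constructed sample data: (action, source CIDR, destination CIDR, port or None for any)
INVENTORY = {"web-proposed": ["192.0.2.11", "10.0.0.15"],   # one NIC per zone
             "web-recommended": ["192.0.2.10"],
             "sql01": ["10.0.0.20"]}
RULES = [("allow", "0.0.0.0/0", "192.0.2.10/32", 80),
         ("allow", "192.0.2.10/32", "10.0.0.20/32", 1433),
         ("allow", "192.0.2.0/24", "10.0.0.20/32", 1433),
         ("allow", "192.0.2.10/32", "10.0.0.0/24", None),
         ("deny", "0.0.0.0/0", "0.0.0.0/0", None)]

if __name__ == "__main__":
    print("bridging hosts:", bridging_hosts(INVENTORY))
    print("over-broad rule indexes:", broad_dmz_rules(RULES))
```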