RE: IP on different subnet?

Bradley,

If you want to maintain PCI and other compliances make sure you have a physical connection to your DMZ. Don't NAT into your inside network. What you want to do is very possible but make sure you are not binding any services expect what you want to that interface. In other words make sure no services are running on ALL interfaces. Last thing you want to do is expose your server to the internet.

Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: Saturday, February 23, 2013 1:36 PM
To: Midrange Systems Technical Discussion
Subject: IP on different subnet?

I'm not much of a network security expert but I have a question that someone asked me the other day.

We all know the "i" can have multiple IP interfaces/addresses for each NIC. If we were to set up a web server with it's own IP address would it make sense (or even work) for the IP address to be on a different subnet, or a different ip range all together?

Example:

Main IP 192.168.0.1

New IP 192.168.1.1 or even something like 10.1.1.10

My thinking is because there will be a firewall routing requests in from a public IP to the web server IP address, the internal IP address doesn't really need to be on a different subnet, range, etc, because that is all invisible to the end user on the internet. And it may also take some "tricky" finagling to even get things to work right for routing.

Thoughts?

Brad
www.bvstools.com