I've been reading this list for a while and reading (and trying to understand)
as much of the firewall books/materials as I can get my hands on, but there's
something I'm having difficulty grasping.
My company is looking at getting a "real" connection to the Internet
(surprise!) and since I'm the network guy I get to learn more than I ever
wanted to know about firewalls. The part I don't understand is where you
would place application services (WWW server and anon FTP server for outside
customers to access) in the case of a dual-homed gateway or a screened-host
In the case of a dual-homed firewall, I would assume the FTP and WWW server
software would be directly on the firewall machine? Is this a security risk?
Or do you just provide an incoming proxy on the firewall that points to
an inside machine running the httpd or ftpd servers?
In the case of the screened host implementation, do the services go on the
bastion host, or does it simply offer an incoming proxy service to the real
machine running the WWW or FTP software? I don't see configuring the router
to allow incoming FTP or http traffic to a host other than the bastion,
otherwise you're no longer running a screened host type of firewall. Am I right?
Any insights would be appreciated.
Chesapeake Decision Sciences, Inc.
email: msh @