My setup is a standard router and firewall, with both a private network and a DMZ hanging off the firewall.
The router and the firewall can both block packets and can both do NAT. I assume that offloading one of those devices puts more load on the other.
Where does it make sense to do which function? Are there any practical guidelines or best practices out there? For example, my DMZ contains a public webserver. Do I give it a private non-routable address and then NAT it to a public address at the firewall or at the router? On the other side, do I block all non-routable addresses at the router or at the firewall or both? What are the trade-offs?
May 25, 2005 3:13 PM
May 30, 2005 1:39 AM