<snip> Just because your SQL server is in the DMZ does not mean that it is accessible from the outside. Your outside firewall interface should only allow HTTP traffic to the web server and SMTP traffic to the mail server. Thats it. Nothing more. Your SQL server doesn't even need an internet routable IP address. It doesn't even need IP. You could set it up to use IPX or Netbeui to talk to the web server. (Do this only if your firewall will let you talk to the SQL server from the inside using IPX or Netbeui) </snip> I am assuming you mean that the firewall allows IPX or Netbeui inside the DMZ. I never have considered that. Would that be allowed through the rules? Would it open the servers up to in another way, such as tunneling those protocols in, if I was to allow IPX or Netbeui? <snip> One more thing. The book "Building Internet Firewalls" is NOT written by Cheswick and Bellovin as a stated previously. "Building Internet Firewalls" is written by Brent Chapman and Elizabeth Zwicky and is published by O'Reilly. </snip> Thanks for the reference as well... I haven't had time to check it out as of yet but it does sound like exactly the kind of book I need to read. Mike
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:21 PDT