[thelist] Firewalls vs. Web Databases

Daniel J. Cody djc at starkmedia.com
Thu Sep 20 11:56:57 CDT 2001

A variation of this is something I tend to do..

Config your webserver so that it will work inside or outside the 
firewall and install an additional network card in it.

Configure that second NIC to be on a private network( for 
example), then configure your database to sit on that private network as 
well. Plug the second NIC on your webserver and your DB into a 
hub/switch, and configure them to talk to eachother over that *private* 
link.(further security could be added by only allowing the DB to talk to 
the IP address of the second NIC on the webserver)

With this method, the DB doesn't care whether or not its in front of or 
behind a firewall, and since the webserver and the DB talk over a 
private link, the webserver doesn't care either. The DB can always be 
reached on that private network whether or not there's a firewall in 
front of the public IP address of the webserver and the webserver more 
or less acts as a firewall between the DB and the internet.

You'll also see an improvment in speed between the DB and the webserver 
since they're on a dedicated link with eachother. :)

Again, just my preference.. If anything is unclear or you have 
questions, feel free to shout :)


J. Blanchard wrote:

> Or third, we could establish a data server outside of the firewall with the web server, replicate needed items from inside the firewall for the database, and create a subnet between the servers.

More information about the thelist mailing list