Hey everyone,

Here's a little security question for you related to DMZs, firewalls, and
backups.

Our new Web server sits in a DMZ outside our school's main firewall and 
has a regular IP address. The rest of the district is NAT'd behind the
firewall using a 10.*.*.* block. We have a tape library set up inside to
back up all the file servers.

Since we have a BackupExec setup, I'd like to install the Unix agent and
backup the Web server files to the internal tape library. The firewall makes
that more complicated.

Here's the question: How 'bout putting a 2nd NIC in the Webserver and
putting that NIC on the internal network? The 2nd one would get a 10.* IP
address and shouldn't have any trouble accessing the tape library.

It's certainly possible to prevent cross-traffic between the NICs, but I'm
not sure if this setup is really "securable." How much trouble am I asking
for? :-)

Anybody have any advice?

-Tim

--
Tim Wilson      | Visit Sibley online:         | Check out:
Henry Sibley HS | http://www.isd197.k12.mn.us/ | http://www.zope.org/
W. St. Paul, MN |                              | http://slashdot.org/
wilson at visi.com |   <dtml-var pithy_quote>     | http://linux.com/