On Monday 11 October 2010 08:37 PM, Raj Mathur (राज माथुर) wrote:
Sorry to nitpick, but you don't necessarily need two Ethernets on any device. You can work it just fine with a computer with a single Ethernet card and IP aliases. Create two logical networks on the machine, one for the WAN side and another for the LAN side, and they will happily co-exist on the same physical Ethernet network and interface.
Of course, you will need a small switch or a hub (do those even exist anymore?) to be able to interconnect everything.
That is cool. So we can connect the incoming internet cable (with public IP) to the LAN switch and the firewall has a single Ethernet card (with 2 logical networks) connected to the LAN switch too. Each one talks within their subnets.
The only drawback would be a little lowering of network speed, which may be negligible, but there is a bigger danger of someone outside the premises cutting the incoming internet cable, crimping an RJ45 on it and connecting it to a laptop. Now the laptop is directly in the company's LAN, bypassing the firewall.
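An audit check for the single-card setup discussed in this thread, added here as an example and not part of the original messages: it reads Linux `ip -o -4 addr show` output and reports any interface that carries both a public subnet and an RFC 1918 subnet, meaning WAN and LAN share one Ethernet segment. Treating every non-RFC 1918 address as the WAN side is an assumption of this sketch, and the sample output is constructed.

```python
import ipaddress
from collections import defaultdict

# Private (LAN-side) ranges, listed explicitly because ipaddress.is_private
# also covers documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the shape of `ip -o -4 addr show` (trailing fields trimmed).
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/29 brd 203.0.113.15 scope global eth0
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global secondary eth0:1
3: eth1    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1
"""

def parse_addrs(text):
    """Return {interface: [IPv4Interface, ...]} from the command output."""
    result = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet":
            continue  # not an IPv4 address line
        result[fields[1]].append(ipaddress.ip_interface(fields[3]))
    return dict(result)

def side(addr):
    """Classify an address as 'lan', 'wan', or None (loopback/link-local)."""
    if addr.ip.is_loopback or addr.ip.is_link_local:
        return None
    return "lan" if any(addr.ip in net for net in RFC1918) else "wan"

def shared_segment_interfaces(text):
    """Interfaces where a WAN subnet and a LAN subnet sit on the same NIC."""
    findings = {}
    for name, addrs in parse_addrs(text).items():
        by_side = defaultdict(set)
        for addr in addrs:
            s = side(addr)
            if s:
                by_side[s].add(str(addr.network))
        if by_side["wan"] and by_side["lan"]:
            findings[name] = {"wan": sorted(by_side["wan"]),
                              "lan": sorted(by_side["lan"])}
    return findings

if __name__ == "__main__":
    for nic, nets in shared_segment_interfaces(SAMPLE).items():
        print(f"{nic}: WAN {nets['wan']} and LAN {nets['lan']} share one segment")
```

An interface reported here is in the position the reply describes: anything attached to the upstream cable is on the same wire as the LAN hosts, so the separation depends only on IP addressing and not on the firewall.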