Subject: RE: Enhancing my firewall/gateway: Adding a DMZ
To: 'Seth Kurtzberg' <seth@cql.com>
From: Carleton, Sam (SCI TW) <Sam_Carleton_TW@stercomm.com>
List: tech-net
Date: 12/20/2002 14:13:45
 -----Original Message-----
From: 	Seth Kurtzberg 
Sent:	Friday, December 20, 2002 11:49 AM
To:	Carleton, Sam
Subject:	Re: Enhancing my firewall/gateway: Adding a DMZ

No, as long as IP forwarding is on (which, obviously, it is), you need no
explicit routing for any network directly connected to the machine.

However, there really isn't any point in having a DMZ with only one 
firewall.

I must disagree.  Having a DMZ with only one firewall still allows you to
contain an intruder.  If a hacker gets into the DMZ, the hacker will not be
able to access any machines in the Intranet, unless they can hack the firewall.
My firewall will not be accessible from the DMZ in any form or fashion, and I
am debating whether or not I should allow SSHing from the Intranet; I
think I will.  I know that two firewalls would be better, but this is for my
house/cable modem, for goodness' sake :)  (I also don't have the computers to
spare.)

Sam