Recommend DMZ in answer to FAQ 2 -- Take 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8067 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2008-01-14 21:28:34 +00:00 · 2008-01-14 21:28:34 +00:00 · 3eb254c0b6
commit 3eb254c0b6
parent 54a6755096
1 changed files with 3 additions and 1 deletions
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -479,7 +479,9 @@ DNAT    net     fw:192.168.1.1:22       tcp     4104</programlisting>
      <para>So the best and most secure way to solve this problem is to move
      your internet-accessible server(s) to a separate LAN segment with it's
      own interface to your firewall and follow <link linkend="faq2b">FAQ
-      2b</link>.</para>
+      2b</link>. That way, your local systems are still safe if your server
+      gets hacked and you don't have to run a split DNS configuration (Bind 9
+      views or separate server).</para>

      <para>But if you are the type of person who prefers quick and dirty
      hacks to "doing it right", then proceed as described below.<warning>