[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Virtual vs Physical Iface - DB connection
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Virtual vs Physical Iface - DB connection
- From: "Samuel Moses" <smoses_(_at_)_drjays_(_dot_)_com>
- Date: Mon, 28 Jun 2004 18:15:54 -0700 (PDT)
- Reply-to: smoses_(_at_)_drjays_(_dot_)_com
I would like to implement Dspam on my mail server. My mail server resides
outside my internal network with its own firewall in place. I have a
database server that resides inside my network and would like to use the
MySQL installation on that machine for the Dspam installation.
Pass through traffic on my openbsd firewall from the external mail server
to the internal database server for MySQL connections. This seems error
Install MySQL on the mail server locally. This is more maintenance
intense as I already have an maintain a tuned DB installation.
Connect the external switch to the internal switch and give the mail
server an internal ip address and set up connection to MySQL on the inside
I lean toward Resolution C as it's fairly simple to implement and to me
seems best not to open up any database connection to the outside world no
matter how restrictive it is. What I don't know, and the reason for this
posting is I'm unsure of whether I'm opening my internal network to
intrusions due to the fact that I have an external ip and a virtual
internal ip on the same nic with the two switches connected. Any input
pointing out flaws in this idea are welcome.
Thanks in advance!