Gentoo Forums
Planning to fire up a web server; have a NIC question...
WarER4X (n00b; Joined: 26 Jan 2005; Posts: 9; Location: Cincinnati, OH, USA)
Posted: Wed Jan 26, 2005 4:40 am    Post subject: Planning to fire up a web server; have a NIC question...

Hello all! I'm new to this forum and (more or less) new to Linux in general. I had a version of Red Hat that I played around with a little in college (just a dual boot for something to do), but this will be a new venture for me. I currently have my XP machine host a simple website, but I have plans to take a (much) older machine and set it up as a dedicated web server using Linux. I have settled on using Gentoo and am looking forward to receiving my order.

My question is concerning NICs, more specifically, whether or not I should use two in my Linux box instead of one. Here is what I'm thinking. My current home network consists of a cable modem connected to a hardware router/switch (one of those simple home jobbies) that uses NAT to forward HTTP requests to my "web server." When I get the Linux machine operational, my plan is to run the cable modem into a pure switch and, from there, go to the router/switch (to serve the LAN with i-net access) and also go directly to the Linux web server so that it is outside of my LAN and has its own external IP address (my ISP will allow up to 3 separate IPs on the same subscription).

The question of two NICs comes in when considering security. I figure if I have two NICs in my Linux box then I can have one connecting to the WAN (and that will be serving the world via apache, I suppose) and the other connecting to the switch on the backside of the router, thus allowing the Linux box to be on the WAN and the LAN at the same time. Then, I could only allow FTP/SSH and what not to be done over the LAN NIC and allow the web serving to be done over the WAN NIC.

Ok, so that's my plan, but I'm quite inexperienced with this sort of thing considering the audience so I'm wondering if this is a worthwhile approach or if it might be overkill.

Any comments/tips/advice would be most appreciated. I'm looking forward to further interactions on this forum as I get things up and running. I'm fairly certain I will need the help. :wink:

-SR-

PS: For what it's worth, I will be running Linux on an AMD K6-2 266 MHz based system with an undecided amount of RAM (I have to refresh my memory on how much that MB will support, no pun intended). For setup purposes, I have a PCI graphics card installed, but I plan to run this server headless after it gets off the ground.
WarMachine (Apprentice; Joined: 15 Jul 2002; Posts: 181)
Posted: Wed Jan 26, 2005 5:54 am

I would suggest using 2 so you don't have to deal with port forwarding on that other router to allow the server to accept connections from the internet.
ChevyBowtie (n00b; Joined: 10 Nov 2002; Posts: 36; Location: Arlington, Texas)
Posted: Wed Jan 26, 2005 5:56 am    Post subject: Don't bridge

Ideally, you don't want two subnets on the same box. That makes a bridge (which is hard to secure), and a successful hack attempt on your public address will give them access to a machine that also has a private address; a formula for further penetration.

You should put it on a separate network segment only and use a firewall (like IPCop http://ipcop.org/) to allow traffic to go to only the ports needed (80 in this case) and only where you want it to go.
WarER4X (n00b; Joined: 26 Jan 2005; Posts: 9; Location: Cincinnati, OH, USA)
Posted: Wed Jan 26, 2005 6:34 pm    Post subject: Re: Don't bridge

ChevyBowtie wrote:
    Ideally, you don't want two subnets on the same box. That makes a bridge (which is hard to secure), and a successful hack attempt on your public address will give them access to a machine that also has a private address; a formula for further penetration...

That is an interesting point. I'm glad I asked.

Still, my thinking is that the process of accessing the web server through its WAN IP would make it vulnerable to attacks on the ports that have to be open in the firewall (say, IPCop, as you suggest) to allow such connections (like FTP and SSH). Is there any way to avoid the risks involved with opening the FTP and SSH ports to the WAN or am I exaggerating the problem and I should just trust that the authentication security in place for those protocols is sufficient?

Trying to understand the hypothetical problem,

-SR-
ChevyBowtie (n00b; Joined: 10 Nov 2002; Posts: 36; Location: Arlington, Texas)
Posted: Thu Jan 27, 2005 12:10 am    Post subject: Re: Don't bridge

WarER4X wrote:
    Still, my thinking is that the process of accessing the web server through its WAN IP would make it vulnerable to attacks on the ports that have to be open in the firewall (say, IPCop, as you suggest) to allow such connections (like FTP and SSH).

With the firewall, you can allow access from your 'Green' LAN to your 'Orange' DMZ (where your public server will be), but the firewall will protect the Internet 'Red' from accessing the FTP and SSH ports and only allow those ports access from 'Green'. And if your server is rooted, the firewall will protect your 'Green' LAN from the 'Orange' segment, since it won't allow traffic to originate from 'Orange' to 'Green' on any ports that you don't specifically allow (of which FTP and SSH wouldn't be allowed).

It's really a nice setup, uses cheap hardware and has a web interface.
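The Green/Orange/Red policy described in the post above, as an added example that is not part of the thread and not IPCop's own code: a small Python model of the firewall's forwarding decisions (stateful, default deny), plus a rendering of the same policy as plain iptables rules. The subnets and the eth0/eth1/eth2 interface assignments are assumed sample values.

```python
import ipaddress

# Sample subnets, constructed for this example; the thread names no addresses.
# Anything outside green or orange counts as the Internet, "red".
ZONES = {"green": ipaddress.ip_network("192.168.1.0/24"),
         "orange": ipaddress.ip_network("192.168.2.0/24")}
IFACES = {"red": "eth0", "green": "eth1", "orange": "eth2"}  # assumed NIC per zone

# Rules for NEW TCP flows: (from zone, to zone, allowed ports; None = any port).
# No rule lets orange open a flow into green, so a rooted web server in the
# DMZ cannot reach the LAN's FTP or SSH even though the LAN can reach the DMZ's.
POLICY = [
    ("green", "orange", {21, 22}),  # admin FTP/SSH only from the LAN
    ("red", "orange", {80}),        # the world gets HTTP and nothing else
    ("green", "red", None),         # LAN hosts may browse out
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "red")

class ZoneFirewall:
    """Stateful three-zone filter: reply packets ride on the flow that opened them."""
    def __init__(self):
        self.flows = set()  # (src_ip, sport, dst_ip, dport) of accepted flows

    def filter(self, src_ip, sport, dst_ip, dport):
        # Reply in an already-accepted flow (e.g. the DMZ's sshd answering the
        # LAN): allowed without consulting POLICY, like ESTABLISHED in iptables.
        if (dst_ip, dport, src_ip, sport) in self.flows:
            return "ACCEPT"
        src, dst = zone_of(src_ip), zone_of(dst_ip)
        for s, d, ports in POLICY:
            if (s, d) == (src, dst) and (ports is None or dport in ports):
                self.flows.add((src_ip, sport, dst_ip, dport))
                return "ACCEPT"
        return "DROP"  # default deny covers orange -> green and red -> FTP/SSH

def iptables_rules():
    """Render POLICY as a default-drop, stateful iptables FORWARD chain.
    Active-mode FTP data channels additionally need the ftp conntrack helper."""
    rules = ["iptables -P FORWARD DROP",
             "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    for s, d, ports in POLICY:
        base = f"iptables -A FORWARD -i {IFACES[s]} -o {IFACES[d]} -m state --state NEW"
        if ports is None:
            rules.append(f"{base} -j ACCEPT")
        else:
            for p in sorted(ports):
                rules.append(f"{base} -p tcp --dport {p} -j ACCEPT")
    return rules
```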
WarER4X (n00b; Joined: 26 Jan 2005; Posts: 9; Location: Cincinnati, OH, USA)
Posted: Thu Jan 27, 2005 8:05 am

Between what you are saying and what I'm reading on the IPCop.org website, it's all starting to make sense now.

Thanks for your patience. ;)

-SR-

PS: The system (hardware) is now operational. :D Now I just need to get going with the Linux install (I was going to wait for my ordered version of Gentoo, but my impatience may get the better of me and demand that I just download it).
All times are GMT