  • Kinda Scenario 1 is the standard way: firewall at the perimeter with separately isolated networks for DMZ, LAN & Wifi

    What you’re describing is close to scenario 1, but not purely scenario 1. It is a mix between public and private traffic on a single IP address and single firewall that a lot of people use because they can’t have two separate public IP addresses running side by side on their connection.

    The advantage of that setup is that it greatly reduces the attack surface by NOT exposing your home network public IP to whatever you’re hosting and by not relying on the same firewall for both. Even if your entire hosting stack gets hacked there’s no way the hacker can get in your home network because they’re two separate networks.

    Scenario one describes having 2 public IPs, a switch after the ISP ONT, and one cable going to the home firewall/router and another to the server (or another router / firewall). Much more isolated. It isn’t a simple DMZ, it’s literally the same as two different internet connections for each thing.