2) More to the point, Is it really necessary or just good practice to use a second network card when connecting to a router? The implication below is that it IS necessary.
Really a lot would depend on your router, taking the case of our system, we have a leased line to the internet (but could just as easily be ISDN dial up) and we were given a Cisco router by our ISP. The router only has the one network card in it and that is our PUBLIC internet ip address. In order to connect the router to our internal systems (unless you want every device to have it's own public IP address and connect it directly to the router via a hub) you would have to have another box doing some kind of network address translation (NAT). We use a Linux box for this, and so therefore it has 2 network cards in it, one on the same network address subnet as our router (public), and one on the same network subnet as our internal network (private), then we use Masquerading to connect our internal PC's to the internet. There are however some internet gateway routers that you can buy which instead of presenting your public subnet on it's ethernet port will actually do the NAT for you in which case you would assign it an internal IP address on it's ethernet card but Any network should have a firewall in it anyway and if you want to do the job 100% then you should have a PC (or dedicated firewall hardware) with 3 network cards in it. One being on the public subnet, one on your private subnet and one in the De-militerized Zone (DMZ). The DMZ network subnet would then contain the services you want public access to such as web servers/email etc. Then even if your public servers are hacked, they are still not on the same network as your internal PC's. -Andy- ============================================================ Andrew Johnson, Technical Consultant Drive Computer Services Tel +44 (0)1924 280388 Extn 223 Fax +44 (0)1924 280117 Mobile +44 (0)7970 284594 Email : andrew.johnson@drivecomputing.co.uk { The contents of this communication (plus any attachments which may be included along with it) are solely intended for the individual(s) and/or group(s) listed as a recipient above. None of the contents should be relayed in any form to any third party without the prior consent of the author. All opinions expressed are my own and not necessarily those of my employer. }