Hi All,��

I'm curious to know which of the following methods is more widely used/accepted today for publishing web servers to the Internet.

1) Dual-home the server - place one NIC on the internet and a second NIC on an internal network for administration, or

2) DNAT/Port Forward my external IP to my internal IP

3) Both - Dual home the server onto two private subnets (external/internal) and DNAT/Port Forward the public IP to the external subnet IP

In either case:

a) I will be hiding behind a dedicated firewall appliance and not relying on the OS firewalls

b) the internal network will still be in its own subnet firewalled away from the rest of the network

c) Only HTTP/HTTPS will be permitted from the internet, no RDP, SSH etc

d) I will be deploying IPv6 to this machine in the next 12 months which makes option 1 more attractive

I personally like option 1 but I'm looking to see if theres any facepalm reasons I shouldn't do it this way.