I am about to run a server which will be serving web and mail only. There will be one server and one desktop PC behind a cable modem. I am going to stick a hardware firewall router after the modem, but should I get one with a dedicated DMZ port or one with two LAN ports? I want the maximum amount of security, so I only want web and mail ports open on the server and don't want the server being able to initiate a connection to the LAN if it becomes compromised. From what I've read, it seems like a DMZ port is quite insecure, as any traffic that isn't marked for the LAN is sent to the DMZ. I can get a firewall with a dedicated DMZ port for a similar price as a firewall with 2 separate LAN ports, so it's down to which is more secure. I believe I can write an ACL on the DMZ port to block everything bar web and mail. Is there anything else a DMZ port does that a LAN port doesn't?
Also, I will have one static IP, so everything will be NAT'd.
Flamer.