Topic: Frontend to Backend communication

[stevezemlicka]

I know someone that works at a very large company (multi-million $ company) as a DB Admin.  The way he described their setup was something like

internet <--> firewall <--> Frontend Servers (web servers, frontend exchange, etc) <--> firewall <--> LAN

The benefit of this is that if the webserver gets hacked or an exploit found, everything important is still protected.  I like this idea so I wanted to set something like this up at home.

In a setup like this, how do I get SME to communicate securely to my NAS on the LAN such that if someone gets into SME, they cannot access my NAS?  I would like to rest sound knowing that even if the systems exposed to the internet are hacked, my data is still safe and secure.

SME would basically be setup to serve out photos via gallery, streaming music/video, and online storage.  SME would not be a router/firewall as I have a couple dd-wrt boxes for that.

[stevezemlicka]

I wonder if it would be possible to have some kind of queue system whereby the webserver would organize the request and a server on the LAN would probe for requests every x milliseconds and then push the data appropriately.  The problem would be determining if the request is legit or a hacker.

Regardless, the more I think about and research it, the more complex the issue becomes.  And it most certainly does not appear to be something designed for and/or built into SME.