What is the reason for running SME Server in gateway mode when there are no clients connected to its subnet? Wouldn't server-only do in this case?
Well that's an excellent question.
I guess the best answer is, it offers many options as to what you can do, while still maintaining a secure system.
For example...
All server administration clients would use the SME's internal interface and that would free up the external interface bandwidth.
With gigabit NICs on the internal SME interface, backups/transfers/rsync would take less time and allow full bandwidth on the external interface.
With a VLAN switch you only VLAN tag to the server you want to administrate, thus limiting the admin clients' exposure.
You may have a development department that needs to test/evaluate new systems, i.e. embedded web controllers. SME's internal interface is an ideal approach: subnet isolation.
Let's say you have a primary firewall hardware failure: you connect the Office PC LAN to the SME's internal interface, SME's external to the modem and reconfig SME external interface. Everyone is happy in 2-3 minutes. Plug and Play..fixed.!!
Keep in mind all SME servers on the DMZ have their firewall enabled (server gateway mode) = better server control.
You could put all SME internal interfaces on the same subnet (security risk) and backup/transfer/rsync on a cron job between them.
Each server would enable/disable the internal interface only during the backup/transfer/rsync cron job, thus reducing the (security risk).
enable > transfer > disable - via cron
Besides all of the options it offers (too many to list), it's (one of many) required/prudent setups for a commercial system.
SME's Server Gateway mode is the trick and the treat.
Couple SME with a good Firewall and you just might see how sweet the treat is.
If that's not sweet enough, then add vlan switches. (Layered Switches)
Ease of Administration/Control & Damage Control (software & hardware subnet isolation)
Hackers - Hack
Spammers - Spam
Hardware - Fails
Users - Abuse
Damage Control isn't a matter of IF....it's a matter of WHEN.
BTW.... Notice I didn't use the word WIRELESS above.
Why...because that's an entire set of options that are available with this type of setup.
i.e. You could easily add a purple interface to Smoothwall and solve that security problem.
Just like a house, you want to build on a solid foundation, this type of setup is a
solid foundation for a network system to build on.
Be it commercial / non-commercial.
HTH
Have a good day....
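The "enable > transfer > disable - via cron" job from the reply above, written as an added example that is not part of the original post. It makes sure the interface is disabled again even when the transfer fails or the job is killed. The interface name, paths, peer address and the use of `ip link` and `rsync` are assumptions.

```shell
#!/bin/sh
# Added example: enable > transfer > disable, run from cron.
# Assumed, not from the post: interface name, paths, peer address (constructed),
# and the use of `ip link` and `rsync` for the enable/disable and transfer steps.
IFACE="${IFACE:-eth1}"                                   # internal interface
SRC="${SRC:-/srv/backup/}"
DEST="${DEST:-backup@192.0.2.10:/srv/backup/}"
LOCKDIR="${LOCKDIR:-/var/run/windowed-transfer.lock}"
LINK_CMD="${LINK_CMD:-ip link set dev}"
SYNC_CMD="${SYNC_CMD:-rsync -a --timeout=60}"

set_link() { $LINK_CMD "$IFACE" "$1"; }

close_window() { set_link down; rmdir "$LOCKDIR" 2>/dev/null; }

windowed_transfer() {
    # mkdir is atomic: skip this run if an earlier job still has the window open,
    # so one job cannot take the interface down under another.
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        echo "previous transfer still running, skipping" >&2
        return 75
    fi
    # A killed job must not leave the interface enabled.
    trap 'close_window; exit 130' INT TERM HUP
    rc=0
    if set_link up; then
        $SYNC_CMD "$SRC" "$DEST" || rc=$?
    else
        rc=1
    fi
    # Disable on every path, including a failed or timed-out transfer.
    set_link down || rc=2
    rmdir "$LOCKDIR" 2>/dev/null
    trap - INT TERM HUP
    return "$rc"
}

# Cron would call the script with --run; sourcing it only defines the functions.
if [ "${1:-}" = "--run" ]; then
    windowed_transfer
    exit $?
fi
```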