When the IIS server runs inside the firewall, as in Figure 6.1, users have unrestricted access to the IIS services. People outside the firewall are controlled by the firewall. This is useful if your IIS provides access to corporate data. Use this structure if you want to restrict access to a specific site on the Internet. It is difficult, however, to set the rules for the firewall to let in only the right people. This system is more appropriate for private Web sites.