simple DMZ

carl_townshend
Spotlight

Can anyone tell me how to set up a simple DMZ, say for my Exchange server, on my Cisco 1700 router? It has 2 Ethernet interfaces, 1 connects to the local LAN!!

thanks

Carl

4 Replies

mheusinger
Level 10

Hi,

Well, usually a DMZ is used in conjunction with internet access. But then you have LAN, DMZ, internet, which gives 3 interfaces (physical or logical). You do not mention internet, so did I get something wrong? What is your setup supposed to do?

M

Do you have a firewall? If yes, then build the DMZ off a third interface of the firewall. If not, you could use your second Ethernet interface to connect to a dedicated switch, or configure a layer 2 VLAN on the existing switch (meaning no routing is done on the switch) and configure the ports for this layer 2 VLAN. Then connect your DMZ device to these ports. You would use a separate subnet for your DMZ LAN. Finally, create your ACLs to control access to and from the two LANs. Again, if you have no firewall.

So can I use a loopback interface, or would I use a subinterface for this?

Hi

A loopback interface is a logical interface most widely used to keep the routing process alive even though your other links flap or go down.

You can't make use of a loopback interface here for the purpose of creating a DMZ.

As already mentioned by previous posters, you can have different VLANs and get them connected on the router's Ethernet interface by configuring subinterfaces with different encapsulation under it.

By that you will be doing inter-VLAN routing between the different VLANs available in your local LAN.

But again, you need to have the IP Plus IOS image in your router to create different encapsulations under your router's Ethernet interface.

If you want to screen or filter the traffic being sent to the server, then I would suggest putting the server in the normal LAN itself and applying the necessary restrictions using ACLs in the router.

Also harden the server with the latest patches, and block the unused and unnecessary ports which are kept open by default.

regds
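The two approaches above (a separate DMZ subnet with ACLs between the LANs, carried on dot1Q subinterfaces of the router's Ethernet port) put together as an added IOS configuration example; this is not from any poster in the thread. The addressing, VLAN numbers, interface name and the assumption that LAN clients only need SMTP and HTTPS to the Exchange host are constructed for illustration, and the IP Plus image requirement mentioned above still applies.

```cisco
! Constructed example addressing:
!   LAN  VLAN 10  192.168.1.0/24  router 192.168.1.1
!   DMZ  VLAN 20  192.168.2.0/24  router 192.168.2.1, Exchange host 192.168.2.10
!
! Traffic arriving from the LAN: only mail and OWA to the Exchange host,
! nothing else into the DMZ subnet; everything else (e.g. towards the
! other router interface) is left alone.
ip access-list extended LAN-IN
 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.10 eq smtp
 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.10 eq 443
 deny   ip  192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 log
 permit ip  192.168.1.0 0.0.0.255 any
!
! Traffic arriving from the DMZ: the server may answer sessions the LAN
! opened (established = ACK/RST set), may send mail and DNS outwards,
! but may never open a new connection into the LAN. Denied attempts are
! logged so a compromised DMZ host shows up in the router log.
ip access-list extended DMZ-IN
 permit tcp host 192.168.2.10 192.168.1.0 0.0.0.255 established
 deny   ip  192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 log
 permit tcp host 192.168.2.10 any eq smtp
 permit udp host 192.168.2.10 any eq domain
 deny   ip  any any log
!
! Physical port carries both VLANs as an 802.1Q trunk from the switch.
interface FastEthernet0
 no ip address
 no shutdown
!
interface FastEthernet0.10
 description LAN
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
 ip access-group LAN-IN in
!
interface FastEthernet0.20
 description DMZ
 encapsulation dot1Q 20
 ip address 192.168.2.1 255.255.255.0
 ip access-group DMZ-IN in
```

Verify with `show ip access-lists` after generating test traffic; the hit counters on the two `deny ... log` lines are the quickest way to confirm the segmentation is actually being enforced.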