Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 29 December 2024, 06:14:26 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  How to setup DMZ
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: How to setup DMZ  (Read 12942 times)
p3mul4
Jr. Member
*
Offline Offline

Posts: 5


« on: Wednesday 04 January 2012, 08:03:52 pm »

Hi Alls,

Please help me in setting the DMZ. I don't know where to start it.

I had webserver with IP : 172.26.6.X 255.255.255.x. I want to put it in DMZ. I installed 3 NIC in my ENDIAN where eth0 172.26.6.x, eth1 (DMZ) 172.26.6.x and eth2 200.201.202.x. What step i should start firts ?

Thanks for the helps
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Thursday 05 January 2012, 05:10:11 am »

The usual use of the DMZ is to allow access to a server to both internal users and external users.
The main use of the DMZ is to avoid that external users can access your internal servers.

So external users on Endian are on RED zone
Internal users are on GREEN zone
DMZ servers are on ORANGE zone.

You you need to achieve is:
A-Give access to external users to your DMZ server.
B-Give access to internal users to your DMZ server.
C-Avoid access from DMZ server to your internal subnet.

I'll use some fake IP addresses to the example:
-Green Zone: Internal users, subnet G.G.G.X
-Orange Zone: DMZ, subnet D.D.D.X. It has the webserver as D.D.D.20
-Red Zone: R.R.R.X

On Inter-zone firewall create 3 rules:
Rule 1:  Source:Zone ORANGE  Dest:Zone GREEN   Action: DENY
Rule 2:  Source:ANY  Dest:Zone ORANGE   Action: ALLOW WITH IPS

These rules will achieve the B & C goals.

To have external users accesing your server, you need to create a port forwarding rule:
Rule: Incoming IP: Uplink ANY Service: TCP/80  Translate to D.D.D.20

And there you go. This will allow you to connect to your server via http://D.D.D.20, from internet.
As an additional step, if you have a domain name you should edit your domain name DNS to point www.mywebpage.com to D.D.D.20.
It's similar with a dynamic IP and dynDNS.
Logged
p3mul4
Jr. Member
*
Offline Offline

Posts: 5


« Reply #2 on: Thursday 05 January 2012, 07:58:10 pm »

Hi, i try to draw the topology.

Hope these can make clear.

Is it possible the red and the orange in the same ip segment ?

Regards
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com