Title: How to setup DMZ
Post by: p3mul4 on Wednesday 04 January 2012, 08:03:52 pm

Hi all,

Please help me in setting up the DMZ. I don't know where to start. I have a webserver with IP: 172.26.6.X 255.255.255.x. I want to put it in the DMZ. I installed 3 NICs in my ENDIAN, where eth0 is 172.26.6.x, eth1 (DMZ) is 172.26.6.x and eth2 is 200.201.202.x. What step should I start with first?

Thanks for the help

Title: Re: How to setup DMZ
Post by: mrkroket on Thursday 05 January 2012, 05:10:11 am

The usual use of the DMZ is to allow access to a server to both internal users and external users.
The main use of the DMZ is to prevent external users from accessing your internal servers.

So:
External users on Endian are on the RED zone
Internal users are on the GREEN zone
DMZ servers are on the ORANGE zone

What you need to achieve is:
A-Give access to external users to your DMZ server.
B-Give access to internal users to your DMZ server.
C-Avoid access from the DMZ server to your internal subnet.

I'll use some fake IP addresses for the example:
-Green Zone: Internal users, subnet G.G.G.X
-Orange Zone: DMZ, subnet D.D.D.X. It has the webserver as D.D.D.20
-Red Zone: R.R.R.X

On the Inter-zone firewall create 3 rules:
Rule 1: Source: Zone ORANGE, Dest: Zone GREEN, Action: DENY
Rule 2: Source: ANY, Dest: Zone ORANGE, Action: ALLOW WITH IPS

These rules will achieve the B & C goals.

To have external users accessing your server, you need to create a port forwarding rule:
Rule: Incoming IP: Uplink ANY, Service: TCP/80, Translate to D.D.D.20

And there you go. This will allow you to connect to your server via http://D.D.D.20, from the internet.
As an additional step, if you have a domain name you should edit your domain name DNS to point www.mywebpage.com to D.D.D.20. It's similar with a dynamic IP and dynDNS.

Title: Re: How to setup DMZ
Post by: p3mul4 on Thursday 05 January 2012, 07:58:10 pm

Hi, I tried to draw the topology.
Hope this makes it clear. Is it possible for the red and the orange to be in the same IP segment?

Regards
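
The zone rules and the port forward from mrkroket's reply, modelled as a small checker for goals A, B and C. This is an added example, not code from the thread or from Endian. Assumptions: the addresses are constructed stand-ins for G.G.G.X, D.D.D.X and R.R.R.X, rules are evaluated first match wins, unmatched traffic is denied, and RED traffic can only enter through a port forward.

```python
import ipaddress

# Constructed addressing standing in for the thread's G.G.G.X / D.D.D.X / R.R.R.X.
ZONES = {"GREEN": ipaddress.ip_network("192.168.10.0/24"),
         "ORANGE": ipaddress.ip_network("192.168.20.0/24")}
UPLINK_IP = ipaddress.ip_address("203.0.113.1")     # RED interface (constructed)
WEBSERVER = ipaddress.ip_address("192.168.20.20")   # D.D.D.20 in the thread

# Inter-zone rules as listed in the reply; first match wins (assumed ordering).
INTERZONE_RULES = [("ORANGE", "GREEN", "DENY"),
                   ("ANY", "ORANGE", "ALLOW")]
# Port forwarding rule from the reply: uplink TCP/80 -> web server.
PORT_FORWARDS = {("tcp", 80): WEBSERVER}


def zone_of(ip):
    """Map an address to its zone; anything outside GREEN/ORANGE counts as RED."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "RED"


def decide(src, dst, proto, port):
    """Return (action, final destination) for one connection attempt."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == "RED":
        # Assumption: RED traffic enters only through a port forward on the uplink.
        target = PORT_FORWARDS.get((proto, port)) if dst == UPLINK_IP else None
        return ("ALLOW", str(target)) if target else ("DENY", None)
    if dst_zone == "RED":
        return ("NOT_MODELLED", None)  # outgoing traffic is outside this sketch
    for rule_src, rule_dst, action in INTERZONE_RULES:
        if rule_src in ("ANY", src_zone) and rule_dst == dst_zone:
            return (action, str(dst) if action == "ALLOW" else None)
    return ("DENY", None)  # assumed default when no rule matches


def check_goals():
    """Evaluate goals A, B and C from the reply, plus two negative cases."""
    return {
        "A_external_to_web": decide("198.51.100.7", "203.0.113.1", "tcp", 80),
        "B_internal_to_web": decide("192.168.10.5", "192.168.20.20", "tcp", 80),
        "C_dmz_to_internal": decide("192.168.20.20", "192.168.10.5", "tcp", 445),
        "external_ssh_to_uplink": decide("198.51.100.7", "203.0.113.1", "tcp", 22),
        "external_direct_to_green": decide("198.51.100.7", "192.168.10.5", "tcp", 80),
    }
```

Swapping the two entries in `INTERZONE_RULES` leaves goal C intact here only because the second rule's destination is ORANGE; a broader allow rule placed first would shadow the deny.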