(64.0.0.0 - 95.255.255.255). Which RFC talks about it? I have no idea what they're reserved
for, and doing a search on the range itself gets me nothing but a blank screen.
Any ideas? Only thing I know is that it ain't covered in RFC 1918 (Internal Netblocks).
At 09:41 AM 8/24/99 -0700, David Watson wrote:
>>>>
I'm new with Fire Wall security. My superior seems to know more about it. but after this message I have my doubts.<<<<
Can anyone help?
-----Original Message-----
From: XXXXXXXXX
Sent: Tuesday, August 24, 1999 9:01 AM
To: David Watson
Subject: RE: DNS ..where to put..DMZ or ...
My suggestion would be to have PCI's DNS point to things that are going to be in the DMZ (ftp and www). Then pointers for everything else should be in a DNS behind the firewall. Also, we should have NAT and/or a proxy in or behind the firewall/router. Finally, all the internal IP addresses should be private (numbers that cannot be forwarded on the Internet) such as the 90.0.0.0 to .255 range with a 255.255.255.0 subnet.
-----Original Message-----
From: David Watson
Sent: Monday, August 23, 1999 6:35 PM
To: Eric Ford
Subject: FW: DNS ..where to put..DMZ or ...
Eric I'll forward the replies if you would like
-----Original Message-----
From: Tally [<mailto:[EMAIL PROTECTED]>mailto:[EMAIL PROTECTED]]
Sent: Monday, August 23, 1999 4:52 PM
Subject: DNS ..where to put..DMZ or ...
This question has been asked n number of times on
this list. but after searching through the archives
it has confused us more as there are numerous
threads and its difficult to follow multiple
threads
I N T E R N E T
|
Firewall---Webserver(aka dmz)
|
Internal Network
A typical set up. The internal network has its own
"internal" DNS but the hosts have 10.x.x.x
addresses.
now the question. where do I place the DNS server.
what if I place it on the same host as Webserver on
the DMZ. This DNS server would be the name server
for the domain hosted by the firewall... correct..
?
and next , is there a way so that sitting on the
web server one could access hosts in the internal
network by name... how can this be achieved... ?
this is the hard part.
thanks and please email me
tally
Joel Gridley "Be the packet."
Network Security/Firewall Specialist
GTE Internetworking, "Powered by BBN."
Burlington, MA - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
