Jens,
This is the way I would do it. There may be other approaches that people
will come up with, but this works when I use it.
The www server would basically reside on the DMZ and have two addresses
associated with it. There will be an address assigned that is on the DMZ or
Intranet side and an external address that is defined on the firewall. On
the Intranet side the Intranet address of the server would be known only on
your internal DNS or hosts files of the workstations that access the
Intranet address of the www server. For the external users of this server
(Internet), you would provide an external address to the users that would be
translated by the firewall to the correct Intranet address. The Internet
users only know the external address and cannot connect to the Intranet
address because of rules on the firewall. The network address translation
hides the correct address for the Intranet network from the Internet users.
This will basically accomplish what you are trying to do.
Lance
Lance Ecklesdafer
[EMAIL PROTECTED]
http://members.tripod.com/ecklesd
----- Original Message -----
From: "Jens Pfeiffer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 07, 2000 7:13 AM
Subject: DMZ and external www-server
> Greetings,
> As I am new to all this Firewalling-Stuff, I'm not quite sure if I'm
really
> right here on this mailing list... sorry in advance if I'm wrong.
>
> My question:
> I know the basic structure of a DMZ, but I don't know if it is possible to
> put a www-server in a DMZ which isn't really in the DMZ.
> My problem is, that I want the www-server to be accessable from an
intranet
> and the internet. But I don't want to put this www-server in the DMZ
because
> the DMZ/Firewalling/Intranet is managed by an ohter enterprise. On the
other
> hand, I don't want to maintain two servers shareing the same information.
> How can I connect a www-server to the intranet and the internet without
> getting highliy vulnerable? Is it possible to connect the www-server via a
> vpn or with a secure connection?
> As I am not sure if I explained everything correctly, I'll do a little
> drawing:
>
> ********** ***** **********
> *INTRANET*****DMZ*****INTERNET*
> ********** ***** **********
> * This connection goes out into the internet to the
> www-server.
> * <- It must be acessable from intra/internet. Nobody
should
> see
> * that this server belongs to the internet or to the
> * intranet on the other side of the firewall.
> ************
> *www-server*
> ************
>
> Hoping that I didn't bother you and waitinf for your answers
> Jens
>
> $30
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
