I would suggest using a separate & illegal IP address scheme for the 
     DMZ; do not use the same IP addresses as for the external interface and the 
     DMZ addresses. Then use static NAT for two-way HTTP flow from the DMZ. 
     This can be a bit tricky, but not real tough. 
                        Amit Kaushal 


______________________________ Reply Separator _________________________________
Subject: DMZ and IP
Author:  [EMAIL PROTECTED] at Internet-USA
Date:    7/9/2000 6:17 PM


Hi everybody
     
I have a problem with a firewall that I have been trying to set up.
The case is that I need to set up a firewall between the corporate LAN and 
the internet and allow public access to a web server. So I thought (after 
having read a lot of posts about DMZ) this is a classic DMZ scenario, but as 
I tried to implement it (using ipchains and RH6.1) I found that the routing 
is a bit of a problem. Here comes a scheme to make it clear how my setup is:
     
The firewall has three NICs:
     
Internal: eth0, 192.168.10.10/255.255.255.0 
DMZ:         eth1, 172.24.42.200/255.255.0.0 
External: eth2, 172.24.42.100/255.255.0.0
     
The WEB-server has ip 172.24.42.222/255.255.0.0
     
The problem is that RH puts up a route from 172.24.0.0 to eth1 AND eth2, 
which makes all the packets end up in the wrong places.
     
This ends with two questions:
     
     How do I remove the route?
     Is this approach good / correct? How should a DMZ otherwise be set up?
     
Thanks in advance
     
     
Jacob Kjeldahl
Spobjergvej 42,12
8220 Brabrand
tlf. 894449176
[EMAIL PROTECTED]
     
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with 
"unsubscribe firewalls" in the body of the message.]
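
An added example, not part of either message: a check of the interface plan from the question. It shows that eth1 and eth2 both sit in 172.24.0.0/16, so the web server's address matches two connected routes, and that giving the DMZ its own subnet removes the ambiguity. The 10.99.1.0/24 DMZ range and the 10.99.1.22 web-server address are constructed assumptions, not values from the thread.

```python
import ipaddress
from itertools import combinations

# Interface addresses as posted in the question.
POSTED = {
    "eth0": "192.168.10.10/255.255.255.0",  # internal
    "eth1": "172.24.42.200/255.255.0.0",    # DMZ
    "eth2": "172.24.42.100/255.255.0.0",    # external
}

# Assumed renumbering: DMZ moved to its own RFC 1918 subnet (constructed values).
RENUMBERED = dict(POSTED, eth1="10.99.1.1/255.255.255.0")


def connected_routes(ifaces):
    """Map interface name -> directly connected network derived from address/netmask."""
    return {name: ipaddress.ip_interface(addr).network for name, addr in ifaces.items()}


def overlapping(ifaces):
    """Return sorted interface pairs whose connected networks overlap."""
    routes = connected_routes(ifaces)
    return sorted(
        (a, b) for a, b in combinations(sorted(routes), 2)
        if routes[a].overlaps(routes[b])
    )


def candidates(ifaces, dest):
    """Interfaces whose connected route matches dest with the longest prefix."""
    ip = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, name)
            for name, net in connected_routes(ifaces).items() if ip in net]
    if not hits:
        return []
    best = max(prefix for prefix, _ in hits)
    return sorted(name for prefix, name in hits if prefix == best)


if __name__ == "__main__":
    for label, ifaces, web in (("posted", POSTED, "172.24.42.222"),
                               ("renumbered", RENUMBERED, "10.99.1.22")):
        print(label, "overlapping pairs:", overlapping(ifaces))
        print(label, "interfaces matching web server", web, "->", candidates(ifaces, web))
```

More than one interface returned by `candidates` means the routing table cannot tell the DMZ from the external segment for that address, which is the symptom described in the question.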