Add an interface to your firewall. A DMZ is a separate logical network
where you want to put any hosts the outside world is going to touch.

As far as how your internal network talks to the DMZ and vice versa, that
is what your firewall policy will decide. Remember this though: if at all
possible, avoid letting anything in your DMZ talk to your internal
network. These hosts are not to be trusted. Also, consider all your DMZ
hosts as "sacrificial". Patch, harden, and baseline them (a tripwire-like
tool will do hashes against the files you specify so if something has been
modified on your DMZ hosts, you can tell what, where, and when... then you
can figure out the how...).

Good luck


Carric Dooley
Senior Consultant
COM2:Interactive Media

"But this one goes to eleven."
-- Nigel Tufnel


On Mon, 2 Jul 2001, Stewart, Chris B wrote:

> 
> Hello All,
> 
> I am in desperate need of some help. I am considering implementing a DMZ in
> my network and am interested in knowing how to set up a DMZ.  What I would
> like to do is put my Web server and mail server behind the DMZ on a
> completely different subnet. What I don't understand is how is the routing
> functionality accomplished? Do I have to have a dedicated router for this?
> If we do, how do we have sessions from LAN to DMZ but not the other way? Is this
> done by the router or the firewall? Also, is the DMZ most commonly a
> separate appliance or is it an extra NIC in my firewall configured with a
> different IP address. All responses and information on DMZ are appreciated.
> I am very ignorant on this topic.
> 
> Thanks, Chris Stewart
> 
> 
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
> 
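
The baselining step mentioned in the reply (hash the files you specify, then re-check them later), as an added example that is not part of the original thread and not the code of any particular tool. The function names, file names and sample contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path


def snapshot(paths):
    """Map each regular file under paths to (sha256 hex digest, mtime)."""
    state = {}
    for top in paths:
        files = [top] if os.path.isfile(top) else [
            os.path.join(d, f) for d, _, fs in os.walk(top) for f in fs]
        for path in files:
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets, devices
            digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
            state[path] = (digest, os.stat(path).st_mtime)
    return state


def compare(baseline, current):
    """Return (status, path, reported mtime) findings, sorted by path."""
    findings = []
    for path, (digest, _) in baseline.items():
        if path not in current:
            findings.append(("removed", path, None))
        elif current[path][0] != digest:
            findings.append(("modified", path, time.ctime(current[path][1])))
    for path in current.keys() - baseline.keys():
        findings.append(("added", path, time.ctime(current[path][1])))
    return sorted(findings, key=lambda finding: finding[1])


def demo():
    """Constructed sample: baseline a temporary web root, change it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        index, conf = Path(root, "index.html"), Path(root, "httpd.conf")
        index.write_text("welcome")
        conf.write_text("Listen 80")
        baseline = snapshot([root])  # in practice, store this off the DMZ host
        index.write_text("defaced")
        conf.unlink()
        Path(root, "new_file.txt").write_text("unexpected")
        report = compare(baseline, snapshot([root]))
        return [(status, os.path.basename(path)) for status, path, _ in report]


if __name__ == "__main__":
    print(demo())
```

The reported modification time comes from the host being checked, so treat it as a hint; the hash comparison against a baseline kept elsewhere is what shows the change.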
