On Mon, 16 Mar 2020 09:49:30 +0100 pebwindkraft <pebwindkr...@gmail.com> wrote:
> Hi,
>
> I have a question concerning static routes and default gateways for a
> DMZ setup, with internal and external firewall.
> ...
> What would be the correct design?
> Can I use "only" the ext_fw with a static route, so that packages
> from DNS would travel twice through DMZ net (from DNS to ext_fw, and
> then from ext_fw via int_fw back to int_pc)?
>
> The information I found on misc@ and internet is usually talking
> about "home router" with NAT and three network cards, where one leg
> supplies the DMZ... Mine is different, and I think I do not need NAT
> here?

Hi,

I have a similar setup. Being on public IP space, I treat my DMZ as
"Internet", meaning private IP addresses, either from Internet or from
internal network, must not be able to contact it.

So, I NAT everything from internal network to DMZ, which results in DNS
& http seeing requests from em1, and not from internal network.

Should you need more information don't hesitate to ask.

Regards,

--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
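A pf.conf sketch of the design described in the reply above, added here as an illustration and not taken from either poster's configuration. It assumes em1 is the firewall's DMZ-facing interface (as the reply implies); the internal interface name em0 and the internal address range are constructed placeholders.

```pf
# Added example, not the poster's ruleset.
int_if  = "em0"               # assumption: interface facing the internal network
dmz_if  = "em1"               # DMZ-facing interface named in the reply
int_net = "192.168.10.0/24"   # constructed internal range

# Private ranges that must never show up in the DMZ as a source address
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo
block log all

# Rewrite internal sources to em1's own address, so DMZ hosts (DNS, http)
# only ever see requests coming from em1
match out on $dmz_if inet from $int_net to any nat-to ($dmz_if)

# Rules after a match with nat-to see the translated source, so anything
# still carrying a private source at this point escaped translation: drop it
block drop out quick on $dmz_if inet from <private> to any

# Let internal clients in, and let the translated traffic out to the DMZ
pass in  on $int_if inet from $int_net to any
pass out on $dmz_if inet
```

The ruleset can be syntax-checked without loading it using `pfctl -nf` on the file; with NAT in place the DMZ hosts reply to em1's address and need no route back to the internal network.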