[Shorewall-users] AD on DMZ

2009-09-04 Thread João Kuchnier
Hello folks! I would like some advice. I am planning a small LAN infrastructure for an office I work for. My structure needs a Firewall, Proxy and Active Directory. I will use one deskserver for shorewall and squid and a server for AD and fileserver. I want to install the AD server on DMZ. I made

Re: [Shorewall-users] AD on DMZ

2009-09-04 Thread Simon Hobson
João Kuchnier wrote: >I am planning a small LAN infrastructure for an office I work for. > >My structure needs a Firewall, Proxy and Active Directory. I will use >one deskserver for shorewall and squid and a server for AD and >fileserver. > >I want to install the AD server on DMZ. I made some rese

Re: [Shorewall-users] AD on DMZ

2009-09-04 Thread Simon Hobson
I wrote: >It's not dangerous, but it is tricky to set up. I >did something not too dissimilar a while ago - >multi-zone firewall for a multi-tenant business >centre. The biggest problem is that by default, >desktop-server communications for some stuff >doesn't use defined ports - IIRC the server p

Re: [Shorewall-users] AD on DMZ

2009-09-04 Thread Christ Schlacta
In general you should never have a Windows machine in a DMZ. That's the biggest problem with this setup. On Sep 4, 2009, at 11:31, Simon Hobson wrote: > I wrote: > >> It's not dangerous, but it is tricky to set up. I >> did something not too dissimilar a while ago - >> multi-zone firewall for a m

Re: [Shorewall-users] AD on DMZ

2009-09-04 Thread Simon Hobson
Christ Schlacta wrote: >In general you should never have a Windows machine in a DMZ. That's the >biggest problem with this setup. Well, if you are exposing it to the outside world then that's exactly where it should be. I agree that if it's not accessible from outside, it shouldn't be there. It wasn

Re: [Shorewall-users] AD on DMZ

2009-09-04 Thread João Alberto Kuchnier
Thanks for your help, guys. I think there is no need to create a DMZ with only one server for now. Best regards, João K. Simon Hobson wrote: Christ Schlacta wrote: In general you should never have a Windows machine in a DMZ. That's the biggest problem with this setup

Re: [Shorewall-users] AD on DMZ

2009-09-04 Thread Christ Schlacta
No, I'm saying exposing Windows to the internet is always a bad idea. It should NEVER be in a DMZ, and should always be protected by the firewall with a policy reject or policy drop. Simon Hobson wrote: > Christ Schlacta wrote: >> In general you should never have a Windows machine in a DMZ. That's

Re: [Shorewall-users] AD on DMZ

2009-09-04 Thread Tom Eastep
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christ Schlacta wrote: > No, I'm saying exposing Windows to the internet is always a bad idea. > It should NEVER be in a DMZ, and should always be protected by the > firewall with a policy reject or policy drop. Christ -- perhaps you need to re-read

Re: [Shorewall-users] AD on DMZ

2009-09-04 Thread Christ Schlacta
:op. My bad. On Sep 4, 2009, at 18:22, Tom Eastep wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Christ Schlacta wrote: >> No, I'm saying exposing Windows to the internet is always a bad idea. >> It should NEVER be in a DMZ, and should always be protected by the >> firewall with a p

Re: [Shorewall-users] AD on DMZ

2009-09-05 Thread Simon Hobson
Christ Schlacta wrote: >No, I'm saying exposing Windows to the internet is always a bad idea. >It should NEVER be in a DMZ, and should always be protected by the >firewall with a policy reject or policy drop. I'll politely disagree; I think you are being "a bit strong" there. I'm as 'sceptical' a