Re: DMZ setup on firewall

From: Ben Sealey <ben@nothing.com>
Date: Fri, 7 Mar 2003 15:23:36 -0500

Thanks nard

"nard" <nard@nardware.co.uk> wrote in message
news:pan.2003.03.07.09.36.29.260608@nardware.co.uk...
> On Thu, 06 Mar 2003 14:05:52 +0000, Ben Sealey wrote:
>
> > When setting up a DMZ what do the ports need to be set to?
> >
> > Firewall has 3 ports.
> I think you mean interfaces?
>
> >
> > Port one goes to the internet. Has an external IP address and subnet mask
> > of 255.255.255.224
> >
> > Port two goes to internal network. Internal IP with subnet mask of
> > 255.255.255.0
> >
> > Port three is for the DMZ. Does that port need to have a different subnet
> > mask than port one? Can the computers on this port have the same subnet
> > mask as port one?
>
> Assumption again......
>
> I think you mean "Do these computers need to be on a different network?".
> In a short answer, 99% of the time yes.
> (I won't even mention bridging firewalls here ;-))
>
>
> Imagine the DMZ as another network that has no rights to access
> the "Protected network", however can communicate to the outside world.
>
> Place any servers that provide services for external clients in your DMZ.
> Your firewall controls what incoming conversations come from the
> untrusted network and keeps them away from your protected clients.
> If (for example) an FTP server in your DMZ was "rooted" then the firewall
> would block access from the ftpd host to the "Protected network".
>
> To configure the firewall to route packets between these networks they
> will have to be on different networks.
>
>
> >
> > Thanks for any help.
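
Added worked example (mine, not part of the thread above): a small Python model of the three-interface policy nard describes, so the two points in the reply can be checked mechanically. The address ranges are constructed: the external /27 and internal /24 follow the masks in Ben's question, the DMZ range 192.168.100.0/27 is my assumption (same 255.255.255.224 mask as the outside interface, but a different network), and the "published" FTP/HTTP ports on one DMZ host are assumed too. The model only decides the first packet of a new connection; a real stateful firewall also admits the replies to connections it has already allowed.

```python
"""Zone policy for a three-interface DMZ firewall (added example, not from the thread)."""
import ipaddress

# Interface -> network behind it.  Constructed to match the masks in the
# question: /27 = 255.255.255.224, /24 = 255.255.255.0.  The DMZ range is an
# assumption; it reuses the /27 mask to show that the mask may match as long
# as the network itself is different.
INTERFACES = {
    "external": "203.0.113.32/27",   # TEST-NET-3, stands in for the real external block
    "internal": "192.168.1.0/24",
    "dmz":      "192.168.100.0/27",
}

# Services a DMZ host offers to the untrusted side (assumed: FTP and HTTP).
PUBLISHED = {"192.168.100.10": {21, 80}}

# Zone pairs that may open new connections without further conditions.
# external -> dmz is handled separately (only published ports).
# dmz -> internal and external -> internal are deliberately absent: a
# compromised DMZ host gets nothing towards the protected network.
ALLOWED = {("internal", "dmz"), ("internal", "external"), ("dmz", "external")}


def _nets(layout):
    return {name: ipaddress.ip_network(cidr) for name, cidr in layout.items()}


def overlapping_pairs(layout):
    """Return interface pairs whose networks overlap; must be empty for routing to work."""
    nets = _nets(layout)
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def zone_of(ip, layout=INTERFACES):
    """Map an address to the interface it sits behind; anything unknown is the internet."""
    addr = ipaddress.ip_address(ip)
    hits = [name for name, net in _nets(layout).items() if addr in net]
    if len(hits) > 1:
        # This is what happens if the DMZ is put on the same network as
        # another interface: the firewall cannot tell which way to route.
        raise ValueError(f"{ip} matches more than one interface: {hits}")
    return hits[0] if hits else "external"


def decide(src, dst, dport, layout=INTERFACES):
    """Policy for the first packet of a new TCP connection: allow / deny / local."""
    s, d = zone_of(src, layout), zone_of(dst, layout)
    if s == d:
        return "local"            # same segment, never crosses the firewall
    if (s, d) == ("external", "dmz"):
        return "allow" if dport in PUBLISHED.get(dst, set()) else "deny"
    return "allow" if (s, d) in ALLOWED else "deny"


if __name__ == "__main__":
    assert overlapping_pairs(INTERFACES) == []
    # Internet client reaches the published FTP port, but not SSH on the same host.
    print(decide("198.51.100.7", "192.168.100.10", 21))   # allow
    print(decide("198.51.100.7", "192.168.100.10", 22))   # deny
    # The "rooted ftpd" case: DMZ host towards the protected network.
    print(decide("192.168.100.10", "192.168.1.5", 445))   # deny
    # Layout mistake: DMZ on the same network as the external interface.
    bad = dict(INTERFACES, dmz="203.0.113.32/27")
    print(overlapping_pairs(bad))                          # [('dmz', 'external')]
```

To adapt this to a real box, the decision table becomes the rule set: one rule per allowed zone pair, port-restricted rules for external to DMZ, and an explicit deny for DMZ to internal placed before any broad "established" rule.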
