Re: DMZ & DHCP

From: Somebody. (somebody._at_spamout.russdoucet.com)
Date: 09/26/05


Date: Mon, 26 Sep 2005 14:01:59 -0400


<timbrigham@gmail.com> wrote in message
news:1127752555.574988.319530@g44g2000cwa.googlegroups.com...
> My company is in the process of repartitioning the network, including
> the adoption of a DMZ for all of our web based servers and wireless
> clients.
> All DMZ computers will use private IP addresses with NAT for any public
> access required.
> My question is this: For the wireless clients in the DMZ I need to have
> DHCP available. Should I allow this traffic through the router /
> firewall's internal interfaces and try to use my existing DHCP
> server? Or should I install DHCP on one of the DMZ computers? I'm
> leaning towards allowing DHCP using my existing server if possible. If
> I can do this what do I need to do to specify the use of a second DHCP
> zone?
> My DHCP server is running Windows 2003 with the standard Microsoft DHCP
> server.

I think I would use a separate dhcp server in the dmz -- setting up a dhcp
server to dish out ip's in a range that it's not even participating in would
be ugly. Why allow such traffic across the dmz boundary?

And btw why do you need DHCP in your DMZ? Aren't the servers using static
IP's? If not, how do you reach them from the other zones?

-Russ.



Relevant Pages

  • RE: DCs in der DMZ am besten wie?
    ... also ich würde sofern deine FW das unterstützt einen radius server zur auth. ... > User/Hostrechner die vom Internet kommen, müssten sich in der DMZ ... Daten kommen von der Database Zone und geben ... > wenn ich in der DMZ einen Reverse Proxy (ISA) Server und in der Applik. ...
    (microsoft.public.de.german.windows.server.active_directory)
  • Re: dns + firewall?
    ... DMZ for DNS? ... Local computers will not be able to use the DNS in the DMZ for DNS because ... That being said, in the DNS server for the internal LAN, create a zone named ...
    (microsoft.public.win2000.dns)
  • Re: Unable to join AD domain from DMZ network
    ... a DC into a zone it can be accessed ... I did not setup another DC in DMZ. ... of setting up standalone workgroup account database for the server in DMZ, ... authentication from DMZ to 2003 AD internal network. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Exchange 2003 Server depolyment doubts
    ... A huge "no." Putting any Exchange server, even a front-end server, is ... server) on our DMZ thus i have to place it in DMZ. ... it is pretty safe to have exchange in the trusted zone. ...
    (microsoft.public.exchange.setup)
  • Re: unknown ip address in wallwatcher
    ... You need to enable DMZ ... showing the syslog data from the router in the NG. ... you broadcasting to a DHCP IP a machine may get ... LAN will most likely get the .100 DHCP IP over and over due to the NIC's ...
    (comp.security.firewalls)