Re: Internet Firewall with 3interfaces
Date: Sat, 19 Nov 2005 05:33:26 GMT
Mathon Florent wrote:
> I am trying to build an internet firewall with SuSe10 and Yast
> there are 3 interfaces on the PC and the following settings
> - eth0 External (internet) 192.168.2.3
> - eth1 DMZ 192.168.4.1
> - eth2 Internal 192.168.3.1
> I could reach Internet from DMZ and from Internal
> But My problem is to reach DMZ from internal and internal from DMZ! how to
> do this ?
> Florent M
internet->router(block all internal)->dmz(nat, proxy, and
servers)->router(block all external)->internal
dmz can connect to the internet and internal network through routers that
block or pass your local subnet.
a firewall would go as a replacement for one or both of the routers
protecting the dmz or localnet. nowhere do you need 3 card split.
dmz is set up with just routers that only have to look at the ip
address(internal, external, dmz). the dmz machine should have just one
card. the idea is if the dmz has to be comprimised to access the internal
network. so... if you have to ask questions it proably won't add much.
- Re: Lets talk about firewalls - what do we as a group think a firewall should be/have?
... NAT, and the DMZ, since it's already secured, is a good place to tack ... If the "company" is not offering services to the Internet, ... and connections to the internal LAN should ... be by means of a second interface on the server. ...
- Re: Where to place the DMZ zone?
... hypothetically lets say you have no DMZ hosting an email bridgehead ... If a hacker were to compromise one of your email or web servers (they are ... That is, the Internet accessible servers ... that can be compromised are on your internal network, ...
- Re: Prividing Intranet Website Access To External Users
... I really wouldnt like to be having my company intranet on the ... I would probably integrate the ldap/dc as a security server on the ... >> The web server will be in the DMZ, and only port 443 will be ... >> intranets to the internet in a secure manner. ...
- Re: Forest Trust between Production & DMZ
... >> more vulnerable, external, then we are speaking of the trust ... If your DMZ gets whacked, ... To avoid the Swiss-cheese affect on the firewall, ... > Network segregation was a good thing at times when Internet Protocol was ...
- Re: AD in the DMZ - Any thoughts on this scenario?
... forest in a DMZ, not one that spans the DMZ and internal network. ... > in our internet facing DMZ. ...