Re: dhcpd in dmz ?
From: David Efflandt (efflandt_at_xnet.com)
Date: 10/28/04
- Next message: Moe Trin: "<LONG>Re: Question rephrase"
- Previous message: David Efflandt: "Re: Automating Telnet Sessions"
- In reply to: peter pilsl: "dhcpd in dmz ?"
- Next in thread: Tauno Voipio: "Re: dhcpd in dmz ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 27 Oct 2004 23:47:37 +0000 (UTC)
On Wed, 27 Oct 2004 13:09:50 +0200, peter pilsl <pilsl@goldfisch.at> wrote:
>
> We currently have one server that provides dhcpd, bind, smtp, imap, web
> ... for our LAN. Now we want to open imap/web for access from the
> outside too and think about moving this server to the DMZ.
>
> Does that make sense? Is it technically possible with common firewalls?
> (at the moment we use a softwarefirewall, but we think about switching
> to a hardwarefirewall like the zyxel ZyWall50) Especially dhcpd bothers
> me, cause I dont have any idea if it is possible to "open" a door for
> arp between the DMZ and the intranet. To me it sounds like this would
> spoil the whole sense of DMZ.
>From the view of SuSEfirewall2 a DMZ should be public IPs on a separate
nic (which might or might not be allowed direct communication with LAN).
Although, broadband routers have the view that a DMZ is a single IP that
receives all incoming ports not specifically forwarded to other IPs.
But in order for a server to work, it should have a static IP (so your
firewall knows where to forward incoming public traffic). You can assign
a static IP using dhcp based on MAC address. But much easier to simply
configure the server with static IP, gateway and DNS.
- Next message: Moe Trin: "<LONG>Re: Question rephrase"
- Previous message: David Efflandt: "Re: Automating Telnet Sessions"
- In reply to: peter pilsl: "dhcpd in dmz ?"
- Next in thread: Tauno Voipio: "Re: dhcpd in dmz ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
