Re: Real IP's

From: Rex (cwinter_at_hotmail.com)
Date: 10/18/03


Date: Sat, 18 Oct 2003 09:23:15 -0230

Yes.

That is what I'm looking at doing. I have my router/firewall box ready with
three nics.

However, there are a few problems.

I run several different web servers, several ftp servers, several mail
servers, etc.

I cannot see how I can use the 192.168.0.0 IP range and then use port
forwarding to the different servers???

From what I've read it cannot be done when you have several of the same
servers, i.e. four web servers.

I don't need to do any port forwarding to my local lan.

I do however want to run a dhcp server for my local lan and I'm not exactly
sure how this will interact with my router/firewall????

Any insight would be appreciated.

Thanks

"Todd Jones" <jonest1@charter.net> wrote in message
news:3F910ECD.10803@charter.net...
> I'm not sure if this is exactly what you are looking for, but it may be
> what you want. Otherwise, you'll need to give further information, but
> I'll give it a try.
>
> First, I'm assuming you have servers (http, smtp) which serve incoming
> connections from the internet. Therefore, I would place these servers
> on a DMZ. How you configure your DMZ is up to you, but the two most
> common methods are to do port forwarding onto some other network (not
> internal and not internet), or to assign the actual IP addresses to the
> boxes on the dmz and assign routes to each box. For this task, the most
> common way to do this with hardware is with three network cards
> (Internet, DMZ, LAN).
>
> Iptables masquerades your lan traffic for you.
>
> It sounds from your message below that you are considering port
> forwarding to your lan. This is generally seen as a bad idea.
>
> Todd Jones
>
> Rex wrote:
> > I'm re-doing our firewall at work and here's my situation.
> >
> > I'm running multiple servers with several different servers running
> > duplicate services, i.e. http, smtp, etc.
> >
> > I'll be doing an iptables based firewall/router, my question is...
> >
> > 1. I can't use private ip's (192.168.0.x) and port forward, so how should I
> > forward/masq my real ip's??
> >
> > 2. What tools work well ??
> >
> > Thanks
> >
> >
>
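
An added example, not written by either poster: the three-NIC layout from the quoted reply (Internet, DMZ, LAN), extended to several servers offering the same service by keying each port forward on its own public destination address. Interface names, the 203.0.113.x public addresses and the 192.168.1.x DMZ addresses are constructed placeholders; the script only prints the iptables commands so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Prints (does not apply) an iptables rule set for a three-NIC firewall.
# Every interface name and address below is a constructed placeholder.
WAN_IF=eth0; DMZ_IF=eth1; LAN_IF=eth2
LAN_NET=192.168.0.0/24

# public_ip:proto:port:dmz_ip, one entry per published service.
# The public addresses must be configured on (or routed to) the WAN interface.
MAPPINGS="
203.0.113.10:tcp:80:192.168.1.10
203.0.113.11:tcp:80:192.168.1.11
203.0.113.12:tcp:25:192.168.1.12
203.0.113.13:tcp:25:192.168.1.13
"

gen_rules() {
    # Default deny between interfaces; only replies to allowed flows pass.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for m in $MAPPINGS; do
        old_ifs=$IFS; IFS=:
        set -- $m
        IFS=$old_ifs
        pub=$1 proto=$2 port=$3 dmz=$4
        # Same port, different public address, different DMZ host.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $dmz"
        # Admit only the published service to that one DMZ host.
        echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $dmz -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    # LAN may start connections to the Internet and the DMZ.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -j ACCEPT"
    # LAN traffic leaving for the Internet is masqueraded.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
    # No rule forwards new connections into the LAN, so neither the Internet
    # nor a DMZ host can open one. DMZ-originated outbound traffic (for
    # example mail delivery) would need its own explicit rules.
}

gen_rules
```

A DHCP server for the LAN is unaffected by these rules when it runs on a LAN host, since its traffic stays on the LAN segment and never crosses the FORWARD chain.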


