[ale] Netgear wireless router as hub

[Geoffrey]

H. A. Story wrote:
> Sounds like you are trying to over work this.  First you can have a DMZ 
> on the LAN if you want and it can be on the same subnet. You just 
> forward all ports to that machine.  You truly don't have a DMZ unless 
> your ISP is providing you with more than one WAN IP address.

I don't believe that's correct.  You can have a dmz by having multiple 
firewalls with different sets of rules.  Or, multiple nics in a firewall 
with different rules for each.  Simply, servers that provide services to 
the outside world (http, ftp..) sit in the dmz, whereas your internal 
network sits behind it, either on a different nic or behind another 
firewall.  The idea of the dmz is that the machines are protected, but 
they do provide services to the outside world.

Pictures:

internet <-> bastion firewall <-> dmz <-> internal network
                                    \_ webserver

> Next I 
> wouldn't put anything in the DMZ unless I was wanting to watch log files 
> grow, since I don't' have a green thumb.
> You should read Bob's box. :)  I really would NEVER suggest anyone 
> putting a server in the DMZ.

I don't quite understand that statement.  The DMZ does sit behind a 
firewall of some type.  A typical network would have a bastion firewall 
between the internet and the dmz.  It would then have a choke firewall 
between the dmz and the internal network.

What is the purpose of a dmz if nothing is there???

Typically, I have a firewall that leads to a dmz.  In that dmz you might 
have a webserver.  The dmz subnet does not contain any routable ips. 
Web requests are simply forwarded to the webserver from the firewall.

That firewall is then connected to another firewall that sits between 
the dmz and the local network.  The dmz and local network have different 
subnets, neither that are routable.  It's a perfectly workable solution.

-- 
Until later, Geoffrey

War never solved anything, well, except slavery, fascism and communism