[ale] Netgear wireless router as hub
esoteric at 3times25.net
Sun Mar 5 18:59:31 EST 2006
H. A. Story wrote:
> Sounds like you are trying to overwork this. First you can have a DMZ
> on the LAN if you want and it can be on the same subnet. You just
> forward all ports to that machine. You truly don't have a DMZ unless
> your ISP is providing you with more than one WAN IP address.
I don't believe that's correct. You can have a dmz by having multiple
firewalls with different sets of rules. Or, multiple nics in a firewall
with different rules for each. Simply, servers that provide services to
the outside world (http, ftp..) sit in the dmz, whereas your internal
network sits behind it, either on a different nic or behind another
firewall. The idea of the dmz is that the machines are protected, but
they do provide services to the outside world.
internet <-> bastion firewall <-> dmz <-> internal network
> Next I
> wouldn't put anything in the DMZ unless I was wanting to watch log files
> grow, since I don't have a green thumb.
> You should read Bob's box. :) I really would NEVER suggest anyone
> putting a server in the DMZ.
I don't quite understand that statement. The DMZ does sit behind a
firewall of some type. A typical network would have a bastion firewall
between the internet and the dmz. It would then have a choke firewall
between the dmz and the internal network.
What is the purpose of a dmz if nothing is there???
Typically, I have a firewall that leads to a dmz. In that dmz you might
have a webserver. The dmz subnet does not contain any routable ips.
Web requests are simply forwarded to the webserver from the firewall.
That firewall is then connected to another firewall that sits between
the dmz and the local network. The dmz and local network have different
subnets, neither of which is routable. It's a perfectly workable solution.
Until later, Geoffrey
War never solved anything, well, except slavery, fascism and communism
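
Added example, not part of the original post: a small Python model of the bastion/choke layout described above, tracing which new connections get through each firewall. All addresses, the forwarded port 80, and the rules that the choke firewall blocks DMZ-initiated traffic to the internal network and that outbound traffic is allowed are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumptions, not from the post).
DMZ = ip_network("192.168.10.0/24")   # non-routable DMZ subnet
LAN = ip_network("192.168.20.0/24")   # non-routable internal subnet
WEB = ip_address("192.168.10.10")     # web server sitting in the DMZ
WAN_IP = ip_address("203.0.113.5")    # the single public address on the bastion

ORDER = ["internet", "dmz", "lan"]    # zones from outside to inside

def zone(addr):
    return "dmz" if addr in DMZ else "lan" if addr in LAN else "internet"

def bastion(src, dst, port):
    """Internet <-> DMZ. Returns the (possibly rewritten) destination, or None to drop."""
    if zone(src) == "internet":
        # Only inbound rule: forward web requests on the WAN address to the DMZ server.
        return WEB if (dst == WAN_IP and port == 80) else None
    return dst                        # assumed: outbound connections are allowed

def choke(src, dst, port):
    """DMZ <-> internal. Assumed policy: nothing outside the LAN may open a connection into it."""
    return None if (zone(dst) == "lan" and zone(src) != "lan") else dst

FIREWALLS = [bastion, choke]          # FIREWALLS[i] sits between ORDER[i] and ORDER[i+1]

def trace(src, dst, port):
    """Follow a new connection (replies are not modelled) and report where it ends up."""
    src, dst = ip_address(src), ip_address(dst)
    here = ORDER.index(zone(src))
    if here == 0:                     # anything arriving from outside meets the bastion first
        dst = bastion(src, dst, port)
        if dst is None:
            return "dropped at bastion"
        here = 1
    while ORDER.index(zone(dst)) != here:
        step = 1 if ORDER.index(zone(dst)) > here else -1
        fw = FIREWALLS[min(here, here + step)]
        dst = fw(src, dst, port)
        if dst is None:
            return f"dropped at {fw.__name__}"
        here += step
    return f"delivered to {dst} in {ORDER[here]}"

if __name__ == "__main__":
    for flow in [("198.51.100.7", "203.0.113.5", 80), ("198.51.100.7", "203.0.113.5", 22),
                 ("192.168.10.10", "192.168.20.5", 445), ("192.168.20.5", "192.168.10.10", 80)]:
        print(flow, "->", trace(*flow))
```

The third flow is the case the choke firewall exists for: a connection opened from the DMZ web server toward an internal host is stopped before it reaches the local network.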