[ale] Proper way to setup DMZ LAN

Alex Carver agcarver+ale at acarver.net
Sat Mar 25 00:30:55 EDT 2017


On 2017-03-24 21:05, Scott Castaline wrote:
> Okay, I've had the cable pulled in my house, and I was able to unbrick an
> older ASUS router which is running ASUSWRT-Merlin which has the radios
> shut off for the access part of it. Many years ago I remember setting up
> several dual LANs, the first LAN was unsecured and all of the web facing
> gear was on that. Then a second router with LAN to LAN interfaces which
> connected to LAN 1 and LAN 2 was off of this router and was a secured
> network. I thought this was what a DMZ was, but on Google searching DMZ
> structure I'm finding that the DMZ is a single server by itself. The
> other thing that I'm finding is that the secured LAN is on LAN 1 and the
> DMZ is on LAN 2. That doesn't make sense to me.
> 
> Can anyone enlighten me with what would be the correct way of doing this?
> 
> 

You can make up a DMZ using a three port router or you can daisy chain
two routers with the link between them being the DMZ.  Your LAN would
hang off the back router farthest from the WAN.

Either way you're just setting up a bunch of packet filter and routing
rules.  The advantage of the dual router approach is that it would
theoretically be harder to break into your LAN because two routers would
need to be compromised.

A single router approach needs a router that can handle all traffic.
The dual router approach only needs enough horsepower on the front
router to handle the traffic.  The back router, in theory, sees less
traffic.
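
Added example, not part of the original message: the single three-port router layout described above, written as the forwarding rules a Linux router running nftables would need. The interface names (wan0, dmz0, lan0), the subnets and the web server address are assumptions made for illustration, and NAT/port forwarding is left out so that only the zone policy is shown.

```nft
#!/usr/sbin/nft -f
# Three-legged DMZ on one router (added example; names and addresses assumed).
#   wan0 = Internet side
#   dmz0 = DMZ, 192.168.10.0/24, web-facing hosts live here
#   lan0 = trusted LAN, 192.168.20.0/24

flush ruleset

define WAN = "wan0"
define DMZ = "dmz0"
define LAN = "lan0"
define WEB = 192.168.10.10    # assumed address of the published web server

table inet filter {
    # Traffic addressed to the router itself.
    chain input {
        type filter hook input priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        iifname "lo" accept
        # Manage the router from the trusted LAN only, never from DMZ or WAN.
        iifname $LAN tcp dport 22 accept
        iifname $LAN udp dport { 53, 67 } accept
        icmp type echo-request limit rate 5/second accept
    }

    # Traffic routed between the three legs. Default is drop, so every
    # permitted direction has to be listed explicitly.
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state invalid drop
        # Replies to connections that were allowed below.
        ct state established,related accept

        # LAN may open connections to the DMZ and to the Internet.
        iifname $LAN oifname { $DMZ, $WAN } accept

        # Internet may reach only the published service in the DMZ.
        iifname $WAN oifname $DMZ ip daddr $WEB tcp dport { 80, 443 } accept

        # DMZ hosts may fetch updates from the Internet.
        iifname $DMZ oifname $WAN tcp dport { 80, 443 } accept
        iifname $DMZ oifname $WAN udp dport 53 accept

        # DMZ must never open a connection into the LAN: log it, then drop.
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan " drop
        # WAN -> LAN has no rule and falls through to policy drop.
    }
}
```

In the two-router layout the same policy is split: the front router carries the WAN-to-DMZ rules and the back router carries the rule that drops new connections from the DMZ link into the LAN.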

