[FW1] New DMZ setup help
Howdy!

We are setting up a DMZ area for several of our servers. I went through everything I could find at Phone Boy's, and at Checkpoint, but it just is not working. Here is our setup (with the real IPs changed to protect the innocent).

We are running Checkpoint Firewall-1, 4.1 SP1, on a Solaris box, running Sun O/S 2.6, with the latest service packs.

We have a class C address, 1.2.3.x, which comes into a Cisco 2621 router. The FE0/0 interface is 1.2.3.20, 255.255.255.0. This goes to the Firewall on QFE1, which has an address of 1.2.3.1/255.255.255.0. The inside interface, QFE0, is 10.1.0.1/255.255.0.0 (we are using that Class A address, with headquarters using the 10.1.x.x Class B address). The third interface, which will be the DMZ interface, is QFE2, and I addressed it as 1.2.3.2/255.255.255.0. It goes out to a 10/100 Switch, with 4 machines. The first is an SMTP server, 1.2.3.3, the second is a Domino server, 1.2.3.10, the third is an NNTP server, 1.2.3.30, and the fourth is a mainframe, 1.2.3.51.

I put ARP entries on the 1.2.3.1 interface, arping each of the DMZ machines to that interface. I made each machine on the DMZ have a default gateway of 1.2.3.2, and put routing statements in Solaris pointing each I.P. address to the 1.2.3.2 interface. I created rules allowing each of those machines to have ALL -> address, and address -> ALL for the ports that they needed.

The log shows an accept coming into the machine on the rule that allows, then a deny on rule 0.

Where did I get lost at?

Thanks in advance

James