[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Firewall-1 DMZ configuration.
I'm sure someone will correct me if I am wrong but it would seem to make more sense to move your WWW and other servers to the DMZ, give them the 111.111.111.0 network and NAT your internal network. I am assuming you only have one Class C network so are limited internally to the 256 addresses but by NATing them on the 10.0.0.0 network, you would effectively be giving yourself a Class A network and giving yourself a whole lot more IP addresses for use with your internal PCs, printers, and servers. Also, if your NT firewall has three NICs, you should be able to do a DMZ without any new hardware. Set it up like this Internet | | Firewall ------- DMZ | | Internal Network Hope this helps. Jim Edwards Systems Manager Texas Secretary of State -----Original Message----- From: Paul Messer [mailto:[email protected]] Sent: Monday, January 29, 2001 7:46 AM To: [email protected] Subject: [FW1] Firewall-1 DMZ configuration. Dear All, we here have a problem...in that we have no DMZ currently.... I want to move all our externally facing www and ftp etc servers to a DMZ and I'm considering the Nokia FW platform to do it with...currently we're running it on an NT server. All the FTP and www servers have the same class c network address as the rest of our network i.e .www is 111.111.111.111 my machine is 111.111.111.67...is it possible to use NAT to ip address these boxes i.e. 10.10.50.111 and so on whilst still showing their real address to the outside world even though the network address shown would be normally routed on to our network... e.g... FW-1 with 3 NIC's ----> NAT 111.111.111.111 ----> 10.10.50.111 Also would it be possible / prudent to move the DNS / Mail server to the DMZ using the same NAT even though it's a POP3 mail server which ppl would connect to internally to collect mail. I'm sorry if it's a really stupid question but we've never done it before and I've only ever dabbled with NAT. Thanks in advance. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|