[FW-1] RES: [FW-1] What is recommended way to address a DMZ?

[F�bio Rocha <fabior@FW1-NOSPAMESTACIO.BR>]

No, unfortunatelly  I have no pointers for the information you�re looking for, even though I know that if I choose to use private addressing I will have the very problem you�re describing.

 

Indeed setting up the DNS correctly in such environment is a complex issue.

 

F�bio.

 

-----Mensagem original-----
De: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST@beethoven.us.checkpoint.com]Em nome de Tony Iannotti
Enviada em: segunda-feira, 16 de dezembro de 2002 16:15
Para: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Assunto: Re: [FW-1] What is recommended way to address a DMZ?

I know Fabio is looking for security reasons, but the practical is useful to me, do you know of any pointers to information about setting up DNS servers in DMZ?

(I have put mail and web servers in DMZ, but knew that I did not know enough to configure DNS servers in there without a struggle. I use private addresses and my ISP does not delegate or support reverse mappings to me for the public IPs.)
 

Tony Iannotti
AVP: Dir. Net. Ops.
tiannotti@checkfree.com
Phone:
Cell:
Fax:

"Thinking implies disagreement; and disagreement implies non-conformity;
and non-conformity implies heresy; and heresy implies disloyalty --
so obviously thinking must be stopped"
[Call to Greatness, 1954] -- Adlai Stephenson

"#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)"
[export-a-crypto-system, 1994] -- Adam Back.

The #1 Way to Pay Online
http://www.checkfree.com/paybillsonline
 

Morten Jensen <mjensen@GIBUNCO.COM> Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@beethoven.us.checkpoint.com> 12/16/2002 12:38 PM Please respond to Mailing list for discussion of Firewall-1

To:        FW-1-MAILINGLIST@beethoven.us.checkpoint.com         cc:                 Subject:        Re: [FW-1] What is recommended way to address a DMZ?

Hi F�bio
If you enjoy the extra fun you will have setting up the DNS servers, go for DMZ (also the available number of public IP's is a good point)

I found both scenarios equally suited, but DNS is (can be) a bit funny when it comes to DMZ with private IP's

Morten

-----Original Message-----
From: F�bio Rocha [mailto:fabior@ESTACIO.BR]
Sent: 16. december 2002 17:46
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: [FW-1] What is recommended way to address a DMZ?

Hi all,

I need to create a DMZ on my firewall and I have been thinking how I should
address it, the possibilities are:

1. Use public Internet addresses.
2. Use private addresses and do the required translations on the firewall.

What is the best to do? What are the pros and cons of each addressing
method? I would like to hear your opinions on the subject.

Thanks in advance,
F�bio Rocha.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================