
Re: [FW-1] What is recommended way to address a DMZ?



Let's say you're using 192.168.0.0/24 for your DMZ subnet.
Your web server could be assigned 192.168.0.10, your mail server could be 192.168.0.11, FTP could be 192.168.0.12.
You could put a DNS server at 192.168.0.2.

You would use static NAT to map each of those to a corresponding public address in your range.  DNS server = public.x.x.2
In your domain registration, you indicate that the primary name server for your domain is at public.x.x.2.  Your secondary name server would probably be hosted by your ISP.

You would have an internal DNS server in your private network configured to forward requests that it can't answer to the public DNS in your DMZ.
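
The addressing scheme described above, as an added example that is not part of the original message: it builds the one-to-one static NAT table, derives the A records the public DNS server should publish, and audits an external zone for private DMZ addresses or records with no NAT rule. The 203.0.113.0/24 range stands in for "public.x.x", and the host names and function names are assumptions.

```python
import ipaddress

# Constructed sample data. The DMZ hosts are the ones named in the message;
# 203.0.113.0/24 (RFC 5737 documentation range) stands in for "public.x.x".
DMZ_NET = ipaddress.ip_network("192.168.0.0/24")
PUBLIC_NET = ipaddress.ip_network("203.0.113.0/24")
DMZ_HOSTS = {"ns1": "192.168.0.2", "www": "192.168.0.10",
             "mail": "192.168.0.11", "ftp": "192.168.0.12"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def static_nat_table(hosts, dmz_net, public_net):
    """One-to-one static NAT: keep the host part, swap the network part."""
    table = {}
    for name, addr in hosts.items():
        private = ipaddress.ip_address(addr)
        if private not in dmz_net:
            raise ValueError(f"{name} ({private}) is outside the DMZ subnet")
        offset = int(private) - int(dmz_net.network_address)
        if offset >= public_net.num_addresses:
            raise ValueError(f"{name}: no matching address in {public_net}")
        table[str(private)] = str(public_net.network_address + offset)
    return table


def external_zone(hosts, nat):
    """A records for the public DNS server: translated addresses only."""
    return {name: nat[addr] for name, addr in hosts.items()}


def audit_external_zone(zone, nat):
    """List records in the external zone that Internet clients cannot use."""
    published = set(nat.values())
    findings = []
    for name, addr in sorted(zone.items()):
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in RFC1918):
            findings.append(f"{name}: {ip} is a private address in the external zone")
        elif str(ip) not in published:
            findings.append(f"{name}: {ip} has no static NAT rule behind it")
    return findings


if __name__ == "__main__":
    nat = static_nat_table(DMZ_HOSTS, DMZ_NET, PUBLIC_NET)
    zone = external_zone(DMZ_HOSTS, nat)
    zone["mail"] = "192.168.0.11"   # constructed mistake: internal record copied over
    for line in audit_external_zone(zone, nat):
        print(line)
```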


>>> [email protected] 12/16/02 01:14PM >>>
I know Fabio is looking for security reasons, but the practical is useful
to me, do you know of any pointers to information about setting up DNS
servers in DMZ?

(I have put mail and web servers in DMZ, but knew that I did not know
enough to configure DNS servers in there without a struggle. I use private
addresses and my ISP does not delegate or support reverse mappings to me
for the public IPs.)

Tony Iannotti
AVP: Dir. Net. Ops.
[email protected]
"Thinking implies disagreement; and disagreement implies non-conformity;
and non-conformity implies heresy; and heresy implies disloyalty --
so obviously thinking must be stopped"
[Call to Greatness, 1954] -- Adlai Stephenson
"#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)"
[export-a-crypto-system, 1994] -- Adam Back.
The #1 Way to Pay Online
http://www.checkfree.com/paybillsonline





Morten Jensen <[email protected]>
Sent by: Mailing list for discussion of Firewall-1
<[email protected]>
12/16/2002 12:38 PM
Please respond to Mailing list for discussion of Firewall-1


        To:     [email protected]
        cc:
        Subject:        Re: [FW-1] What is recommended way to address a DMZ?


Hi Fábio
If you enjoy the extra fun you will have setting up the DNS servers, go
for DMZ (also the available number of public IP's is a good point)
I found both scenarios equally suited, but DNS is (can be) a bit funny
when it comes to DMZ with private IP's
Morten

-----Original Message-----
From: Fábio Rocha [mailto:[email protected]]
Sent: 16. december 2002 17:46
To: [email protected]
Subject: [FW-1] What is recommended way to address a DMZ?

Hi all,
I need to create a DMZ on my firewall and I have been thinking how I
should address it, the possibilities are:
1. Use public Internet addresses.
2. Use private addresses and do the required translations on the firewall.
What is the best to do? What are the pros and cons of each addressing
method? I would like to hear your opinions on the subject.
Thanks in advance,
Fábio Rocha.
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================