[plug] DMZ with IPCop
Quintin Lette
quintin at arach.net.au
Wed Feb 19 21:24:01 WST 2003
Your DMZ machines shouldn't be able to see your Local machines, that's
basically the idea of it all, unless you set up DMZ pinholes (basically
allowing ports through)

The idea of a DMZ or Demilitarised Zone is that you can have some machines
less secure than others :) (i.e. to allow services) you separate this so that
your internal network isn't exposed, and generally accessing the local
machines through DMZ is a no-no. However as this is not entirely practical
all the time (like for securing mail servers but allowing webserver to access
it) you can allow pinholes. I have only used this with Smoothwall (and
never actually seen IPCop) but it is reasonably simple through the web
interface. As for ping you should be able to ping eth1 of router but not
eth0 unless IPCop ignores ping on dmz interface (also possible)

HTH (and putting on flame suit in case someone has a different opinion :P)

Quintin
On Wednesday 19 February 2003 21:10, Daniel Pearson wrote:
> Has anyone had experience with running a DMZ with IPCop? I'm running into a
> few issues, and can't seem to put my finger on what exactly is wrong.
>
> The router has 3 interfaces, eth0 (internal lan, 192.168.100.0/24), eth1
> (dmz connected by crossover, 192.168.50.1 + .2), and eth2 is the external.
>
> Now, from the router, or any machine on the network I can ping
> 192.168.50.2, however from 50.2 I cannot ping anything on the 100 network,
> or even the router on the other end of the crossover cable. Also, when I
> edit /etc/resolv.conf on the router and put .50.2 as its nameserver, from
> the router I can then not ping anything.
>
> As a result of such.. my DNS isn't working, as that resides on the DMZ
> (debian woody 3 default install, running bind 9, apache and postfix). Has
> anyone else come across this before?
>
> Regards,
> Daniel Pearson
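
The isolation-plus-pinhole policy described in the reply above, written out as iptables FORWARD rules that the script prints rather than applies; this is an added example, not part of the thread and not IPCop's or Smoothwall's actual ruleset. Interface names and subnets follow the original question; the mail server address 192.168.100.10 and the helper names `pinhole` and `dmz_rules` are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (never applies) FORWARD rules for a three-zone router.
LAN_IF=eth0   # internal LAN, 192.168.100.0/24 (from the thread)
DMZ_IF=eth1   # DMZ link, router 192.168.50.1, host 192.168.50.2 (from the thread)
WAN_IF=eth2   # external (from the thread)

# pinhole PROTO SRC DST DPORT: print one narrow DMZ->LAN ACCEPT rule.
# Only new connections to a single host and port are allowed.
pinhole() {
    proto=$1 src=$2 dst=$3 port=$4
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    echo "iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -p $proto -s $src -d $dst" \
         "--dport $port -m state --state NEW -j ACCEPT"
}

# dmz_rules: read pinholes ("proto src dst port" per line) from stdin and print
# the whole FORWARD policy. Order matters: pinholes must precede the final DROP.
dmz_rules() {
    echo "iptables -P FORWARD DROP"
    # Replies to connections that were allowed to start (e.g. LAN -> DMZ pings).
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT"
    while read -r proto src dst port; do
        case "$proto" in ''|'#'*) continue ;; esac
        pinhole "$proto" "$src" "$dst" "$port" || return 1
    done
    # Everything else the DMZ starts towards the LAN is logged and dropped.
    echo "iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix 'DMZ2LAN '"
    echo "iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP"
}

# Constructed pinhole: DMZ web server 192.168.50.2 may reach a LAN mail server
# (192.168.100.10 is a made-up address) on tcp/25.
dmz_rules <<'EOF'
tcp 192.168.50.2 192.168.100.10 25
EOF
```

Under this rule order the LAN can open connections to the DMZ host and receive the replies, while anything the DMZ host starts towards the LAN is dropped unless a pinhole line matches it.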