[plug] DMZ with IPCop

Nathan D natdan at pobox.com
Wed Feb 19 21:40:48 WST 2003


At 09:10 PM 19/02/2003 +0800, Daniel Pearson wrote:
>Has anyone had experience with running a DMZ with IPCop? I'm running into a
>few issues, and can't seem to put my finger on what exactly is wrong.
>
>The router has 3 interfaces, eth0 (internal lan, 192.168.100.0/24), eth1
>(dmz connected by crossover, 192.168.50.1 + .2), and eth2 is the external.
>
>Now, from the router, or any machine on the network I can ping 192.168.50.2,
>however from 50.2 I cannot ping anything on the 100 network, or even the
>router on the other end of the crossover cable. Also, when I edit
>/etc/resolv.conf on the router and put .50.2 as its nameserver, from the
>router I can then not ping anything.
>
>As a result of such.. my DNS isn't working, as that resides on the DMZ
>(Debian woody 3 default install, running bind 9, apache and postfix). Has
>anyone else come across this before?

I have not used IPCop at all, but (politics aside), have been a long time 
fan of SmoothWall.  Also, I have not set up a DMZ, but have read plenty 
about it on the SmoothWall mailing list.
A little excerpt from the help file from the relevant config page of the 
latest version of SmoothWall:

"DMZ Pinhole Configuration
This page is for advanced users with DMZ setups.
With this page, the administrator can configure "holes" between the DMZ and 
the local network. The standard configuration, without any holes set up, 
blocks any host on the ORANGE network from connecting to a host on the 
GREEN network. Often this is not totally desirable, however, and it can be 
useful, if slightly risky security-wise, to allow a host on the ORANGE 
network to connect to a host on the GREEN side in a very limited fashion. 
This page lets you do this.
The protocol can be set, although it is not recommended to use UDP for 
pinholing. Source IP is a machine on the ORANGE network, Destination IP is 
the host on GREEN, and Destination port is the port on the GREEN machine 
that you want to allow the ORANGE machine to connect to.
Typically this would be used to allow a webserver on ORANGE to connect to a 
mail server on GREEN for WebMail purposes."


regards,
   Nathan D.

Linux Conference Au  Jan 22-25 2003
http://conf.linux.org.au/ <-- You missed it :(
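
Added example, not part of the original message and not code from SmoothWall or IPCop: a generic iptables model of the pinhole described in the help excerpt, with ORANGE to GREEN blocked by default and one narrow exception per (protocol, source, destination, port). The /24 DMZ mask, the GREEN host 192.168.100.10, port 25 and the function names are assumptions made for illustration.

```python
# Added example; a generic iptables model, not SmoothWall's or IPCop's rules.
# Assumed: both networks are /24s; the pinhole host and port are constructed.
import ipaddress

GREEN_IF, GREEN_NET = "eth0", ipaddress.ip_network("192.168.100.0/24")
ORANGE_IF, ORANGE_NET = "eth1", ipaddress.ip_network("192.168.50.0/24")
FWD = f"iptables -A FORWARD -i {ORANGE_IF} -o {GREEN_IF}"


def pinhole_rule(proto, src, dst, dport):
    """Validate one pinhole and return the iptables command that opens it."""
    proto = proto.lower()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in ORANGE_NET:
        raise ValueError(f"source {src} is not on ORANGE")
    if dst_ip not in GREEN_NET:
        raise ValueError(f"destination {dst} is not on GREEN")
    port = int(dport)
    if not 1 <= port <= 65535:
        raise ValueError(f"bad destination port: {dport}")
    return (f"{FWD} -p {proto} -s {src_ip} -d {dst_ip} --dport {port} "
            "-m conntrack --ctstate NEW -j ACCEPT")


def build_ruleset(pinholes):
    """Return (rules, warnings): reply traffic, pinholes, then default block."""
    # Replies to connections that GREEN opened towards ORANGE.
    rules = [f"{FWD} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    warnings = []
    for proto, src, dst, dport in pinholes:
        rules.append(pinhole_rule(proto, src, dst, dport))
        if proto.lower() == "udp":
            warnings.append(f"UDP pinhole {src} -> {dst}:{dport} is not recommended")
    # Everything else from ORANGE to GREEN stays blocked.
    rules.append(f"{FWD} -j DROP")
    return rules, warnings


if __name__ == "__main__":
    # Constructed pinhole: DMZ web server to a GREEN mail server, TCP/25.
    rules, warnings = build_ruleset([("tcp", "192.168.50.2", "192.168.100.10", 25)])
    print("\n".join(rules + warnings))
```

The script only prints the commands for review; rule order matters, since a pinhole appended after the final DROP would never match.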
