[plug] DMZ with IPCop

Daniel Pearson plug at flashware.net
Wed Feb 19 21:27:56 WST 2003


Quintin,
IPCop basically is Smoothwall, just thought I'd shed that information for
you :) I was running Smoothwall, but still had no luck. From the DMZ I can't
ping a single thing, not even 50.1 which is the DMZ link on the router. I
use the port forwarding, and can connect to the webserver on the DMZ, that's
fine -- but DNS just doesn't seem to work. The DNS is using forwarding, so
it redirects external requests to the ISP's nameservers, but for internal
requests for the network it takes care of that itself. I just can't seem to
work out what's going wrong :(

Daniel
----- Original Message -----
From: "Quintin Lette" <quintin at arach.net.au>
To: <plug at plug.linux.org.au>
Sent: Wednesday, February 19, 2003 9:24 PM
Subject: Re: [plug] DMZ with IPCop


> Your DMZ machines shouldn't be able to see your Local machines, that's
> basically the idea of it all, unless you set up DMZ pinholes (basically
> allowing ports through)
>
> The idea of a DMZ or Demilitarised Zone is that you can have some machines
> less secure than others :) (ie to allow services) you separate this so that
> your internal network isn't exposed, and generally accessing the local
> machines through DMZ is a no no.  However as this is not entirely practical
> all the time (like for securing mail servers but allowing webserver to access
> it) you can allow pin holes.  I have only used this with Smoothwall (and
> never actually seen IPCop) but it is reasonably simple through web
> interface.  As for ping you should be able to ping eth1 of router but not
> eth0 unless IPCop ignores ping on dmz interface (also possible)
>
> HTH (and putting on flame suit in case someone has a different opinion :P)
>
> Quintin
>
> On Wednesday 19 February 2003 21:10, Daniel Pearson wrote:
> > Has anyone had experience with running a DMZ with IPCop? I'm running into a
> > few issues, and can't seem to put my finger on what exactly is wrong.
> >
> > The router has 3 interfaces, eth0 (internal lan, 192.168.100.0/24), eth1
> > (dmz connected by crossover, 192.168.50.1 + .2), and eth2 is the external.
> >
> > Now, from the router, or any machine on the network I can ping
> > 192.168.50.2, however from 50.2 I cannot ping anything on the 100 network,
> > or even the router on the other end of the crossover cable. Also, when I
> > edit /etc/resolv.conf on the router and put .50.2 as its nameserver, from
> > the router I can then not ping anything.
> >
> > As a result of such.. my DNS isn't working, as that resides on the DMZ
> > (Debian woody 3 default install, running bind 9, apache and postfix). Has
> > anyone else come across this before?
> >
> > Regards,
> > Daniel Pearson
>
>
>