[plug] DMZ with IPCop

Daniel Pearson plug at flashware.net
Wed Feb 19 22:34:09 WST 2003


I'm running a primary dns server with zones, using bind 9 has an external db
file, and many internal db files.

Daniel

----- Original Message -----
From: "Quintin Lette" <quintin at arach.net.au>
To: <plug at plug.linux.org.au>
Sent: Wednesday, February 19, 2003 5:19 PM
Subject: Re: [plug] DMZ with IPCop


> Have you pinholed port 53? Are you running a primary or secondary dns
server
> with zones or just cacheing dns server? If you are only running cacheing
then
> its probably better to put dns server on internal network (your webserver
> doesn't really need it)
>
>
> Quintin
>
>
> On Wednesday 19 February 2003 21:54, Daniel Pearson wrote:
> > Nathan, I have seen that and read about it -- but i'm not sure if I need
to
> > use that? Its almost as if the DNS requests are just timing out.. even
for
> > just the internal requests its doing (e.g. doing ping gateway, from a
> > workstation -- it'll look at the DMZ to resolve gateway to
192.168.100.1,
> > but the request times out)
> >
> > Cheers,
> > Daniel
> >
> > ----- Original Message -----
> > From: "Nathan D" <natdan at pobox.com>
> > To: "Plug List" <plug at plug.linux.org.au>
> > Sent: Wednesday, February 19, 2003 9:40 PM
> > Subject: Re: [plug] DMZ with IPCop
> >
> > > At 09:10 PM 19/02/2003 +0800, Daniel Pearson wrote:
> > > >Has anyone had experience with running a DMZ with IPCop? I'm running
> > > > into
> >
> > a
> >
> > > >few issues, and can't seem to put my finger on what exactly is wrong.
> > > >
> > > >The router has 3 interfaces, eth0 (internal lan, 192.168.100.0/24),
eth1
> > > >(dmz connected by crossover, 192.168.50.1 + .2), and eth2 is the
> >
> > external.
> >
> > > >Now, from the router, or any machine on the network I can ping
> >
> > 192.168.50.2,
> >
> > > >however from 50.2 I cannot ping anything on the 100 network, or even
the
> > > >router on the other end of the crossover cable. Also, when I edit
> > > >/etc/resolv.conf on the router and put .50.2 as its nameserver, from
the
> > > >router I can then not ping anything.
> > > >
> > > >As a result of such.. my DNS isn't working, as that resides on the
DMZ
> > > >(debian woddy 3 default install, running bind 9, apache and postfix).
> > > > Has anyone else come across this before?
> > >
> > > I have not used IpCop at all, but (politics aside), have been a long
time
> > > fan of SmoothWall.  Also, I have not setup a DMZ, but have read plenty
> > > about it on the SmoothWall mailing list.
> > > A little excerpt from the help file from the relevant config page of
the
> > > latest version of smoothwall  -
> > >
> > > "DMZ Pinhole Configuration
> > > This page is for advanced users with DMZ setups.
> > > With this page, the administrator can configure "holes" between the
DMZ
> >
> > and
> >
> > > the local network. The standard configuration, without any holes
setup,
> > > blocks any host on the ORANGE network from connecting to a host on the
> > > GREEN network. Often this is not totally desirable, however, and it
can
> > > be useful, if slightly risky security wise, to allow a host on the
ORANGE
> > > network to connect to a host on the GREEN side in a very limited
fashion.
> > > This page lets you do this.
> > > The protocol can be set, although it is not recommended to use UDP for
> > > pinholing. Source IP is a machine on the ORANGE network, Destination
IP
> > > is the host on GREEN, and Destination port is the port on the GREEN
> > > machine that you want to allow the ORANGE machine to connect to.
> > > Typically this would be used to allow a webserver on ORANGE to connect
to
> >
> > a
> >
> > > mail server on GREEN for WebMail purposes."
> > >
> > >
> > > regards,
> > >    Nathan D.
> > >
> > > Linux Conference Au  Jan 22-25 2003
> > > http://conf.linux.org.au/ <-- You missed it :(
> >
>
> --------------------------------------------------------------------------
-
> >- ----
> >
> > > ---
> > > This mail is certified Virus Free.  How about yours?
> > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > Version: 6.0.456 / Virus Database: 256 - Release Date: 18/02/2003
>
>
>



More information about the plug mailing list