[plug] DMZ with IPCop

Daniel Pearson plug at flashware.net
Thu Feb 20 06:21:20 WST 2003


Ok, further to my discussion, Quintin and I spent an hour or two nutting it
out last night and have achieved a few things.

1) My DNS is working, it's definitely not my config. I plugged the DNS into
the internal network, and all the requests worked.
2) It's definitely something to do with the config of IPCop/Smoothwall,
because I added a pinhole for the DMZ to access an FTP on my laptop, and it
could do that fine.

So, I can't understand why, when I add a pinhole for port 53, both tcp AND
udp, it still won't work?! It's really got both myself and Quintin beat.

Cheers,
Daniel Pearson

----- Original Message -----
From: "Nathan D" <natdan at pobox.com>
To: "Plug List" <plug at plug.linux.org.au>
Sent: Wednesday, February 19, 2003 9:40 PM
Subject: Re: [plug] DMZ with IPCop


> At 09:10 PM 19/02/2003 +0800, Daniel Pearson wrote:
> >Has anyone had experience with running a DMZ with IPCop? I'm running into a
> >few issues, and can't seem to put my finger on what exactly is wrong.
> >
> >The router has 3 interfaces, eth0 (internal lan, 192.168.100.0/24), eth1
> >(dmz connected by crossover, 192.168.50.1 + .2), and eth2 is the external.
> >
> >Now, from the router, or any machine on the network I can ping 192.168.50.2,
> >however from 50.2 I cannot ping anything on the 100 network, or even the
> >router on the other end of the crossover cable. Also, when I edit
> >/etc/resolv.conf on the router and put .50.2 as its nameserver, from the
> >router I can then not ping anything.
> >
> >As a result of such.. my DNS isn't working, as that resides on the DMZ
> >(Debian woody 3 default install, running bind 9, apache and postfix). Has
> >anyone else come across this before?
>
> I have not used IpCop at all, but (politics aside), have been a long time
> fan of SmoothWall.  Also, I have not set up a DMZ, but have read plenty
> about it on the SmoothWall mailing list.
> A little excerpt from the help file from the relevant config page of the
> latest version of smoothwall  -
>
> "DMZ Pinhole Configuration
> This page is for advanced users with DMZ setups.
> With this page, the administrator can configure "holes" between the DMZ and
> the local network. The standard configuration, without any holes setup,
> blocks any host on the ORANGE network from connecting to a host on the
> GREEN network. Often this is not totally desirable, however, and it can be
> useful, if slightly risky security wise, to allow a host on the ORANGE
> network to connect to a host on the GREEN side in a very limited fashion.
> This page lets you do this.
> The protocol can be set, although it is not recommended to use UDP for
> pinholing. Source IP is a machine on the ORANGE network, Destination IP is
> the host on GREEN, and Destination port is the port on the GREEN machine
> that you want to allow the ORANGE machine to connect to.
> Typically this would be used to allow a webserver on ORANGE to connect to a
> mail server on GREEN for WebMail purposes."
>
>
> regards,
>    Nathan D.
>
> Linux Conference Au  Jan 22-25 2003
> http://conf.linux.org.au/ <-- You missed it :(
>
>
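
The pinhole described in the quoted SmoothWall help text (one ORANGE source host allowed to reach one port on one GREEN host, everything else ORANGE to GREEN blocked), written out as plain iptables rules for the tcp and udp port 53 case mentioned above. This is an added example, not part of the thread and not the rules IPCop or SmoothWall generate; the /24 ORANGE mask, the GREEN host 192.168.100.10 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not IPCop/SmoothWall output): plain iptables rules for a
# DMZ pinhole. Interfaces follow the thread: eth0 = GREEN 192.168.100.0/24,
# eth1 = ORANGE 192.168.50.x. The /24 ORANGE mask is an assumption.
GREEN_IF=eth0;  GREEN_NET=192.168.100
ORANGE_IF=eth1; ORANGE_NET=192.168.50

# host_in_24 ADDR PREFIX: succeeds only if ADDR is PREFIX.N with N in 1..254.
host_in_24() {
    case $1 in "$2".*) ;; *) return 1 ;; esac
    n=${1#"$2".}
    case $n in ''|*[!0-9]*) return 1 ;; esac
    [ "$n" -ge 1 ] && [ "$n" -le 254 ]
}

# pinhole_rule PROTO ORANGE_SRC GREEN_DST DPORT
# Prints one ACCEPT rule, or prints nothing and returns 1 if the request is
# not a single ORANGE host -> single GREEN host -> single port pinhole.
pinhole_rule() {
    case $1 in tcp|udp) ;; *) return 1 ;; esac
    host_in_24 "$2" "$ORANGE_NET" || return 1
    host_in_24 "$3" "$GREEN_NET" || return 1
    case $4 in ''|*[!0-9]*) return 1 ;; esac
    [ "$4" -ge 1 ] && [ "$4" -le 65535 ] || return 1
    echo "iptables -A FORWARD -i $ORANGE_IF -o $GREEN_IF -p $1 -s $2 -d $3" \
         "--dport $4 -m state --state NEW -j ACCEPT"
}

# build_ruleset GREEN_DST: replies to tracked flows first, then the tcp and
# udp port 53 pinholes from the DMZ host 192.168.50.2, then the default
# ORANGE -> GREEN drop. Order matters: the DROP must come last.
build_ruleset() {
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    pinhole_rule tcp 192.168.50.2 "$1" 53 || return 1
    pinhole_rule udp 192.168.50.2 "$1" 53 || return 1
    echo "iptables -A FORWARD -i $ORANGE_IF -o $GREEN_IF -j DROP"
}

# Constructed sample: 192.168.100.10 is a made-up GREEN host.
build_ruleset 192.168.100.10
```

The script only prints the commands; a request with the source and destination swapped, a whole subnet as source, or a protocol other than tcp or udp is refused rather than turned into a rule.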

