From: Michael Gale <michael.gale@pason.com>
To: netfilter@lists.netfilter.org
Subject: Re: DMZ howto
Date: Thu, 22 Sep 2005 14:16:53 -0600
Message-ID: <43331135.20705@pason.com>
In-Reply-To: <43330FF9.30106@pason.com>

Hey,

    I should clarify that the mail server in the DMZ would not be your 
IMAP / POP server. It would handle the AV and SPAM and then forward good 
mail to your internal corporate mail server.

Michael

Michael Gale wrote:

> Hello,
>
>    A DMZ / SSN (Separate secure network) is where you would put 
> servers that require access from internally and externally.
>
> So for example you set up a firewall with 3 interfaces:
>
> External
> DMZ
> Internal
>
> Now on the DMZ you may place your company mail server for example. All 
> mail from the Internet would come in and be forwarded to the server in 
> the DMZ. This way if the mail server is compromised the intruder will 
> not have gained access to your internal corporate network. A company 
> web server would be another example, but not an intranet web server.
>
> The firewall rules between EXT <=> DMZ should be as secure as 
> possible, same with DMZ<=>INT.
>
> I hope this helps clear some things up a little.
>
> Michael
>
> P theodorou wrote:
>
>> Hello
>>
>> I want to achieve the firewall script in the official iptables tutorial
>> 1.20 version practices here 
>> http://iptables-tutorial.frozentux....MZ.firewall.txt
>>
>> Typically a well-known setup is
>> to receive traffic from the ISP via DHCP, which assigns an IP to eth0,
>> and eth0 forwards traffic to eth1 (NAT), which is the default gateway 
>> for a laptop.
>>
>> Now the machine has eth0, eth1 and eth2; so far we have spoken
>> for eth1. Eth2 I wanted to be a DMZ for servers who need passive 
>> connections,
>> FTP etc...
>>
>> The concept of DMZ confuses me, can you suggest any resources
>> for the topic?
>>
>> Really appreciated
>>
>>
>>
>
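
The three-zone layout discussed in this thread, written out as an iptables-restore ruleset. This is an added example, not part of the original messages: the interface roles follow the original post (eth0 to the ISP, eth1 internal, eth2 DMZ), while the addresses, the DNS allowance and the function names `dmz_ruleset` and `forward_rules_between` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Interface roles follow the thread: eth0 = ISP (DHCP),
# eth1 = internal LAN, eth2 = DMZ. Addresses are constructed placeholders.
EXT_IF=eth0; INT_IF=eth1; DMZ_IF=eth2
DMZ_RELAY=192.168.2.10   # assumed: DMZ relay doing AV/spam filtering
INT_MAIL=192.168.1.10    # assumed: internal IMAP/POP mail server

# Print the ruleset in iptables-restore format.
dmz_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Internet SMTP terminates on the DMZ relay, never on an internal host.
-A PREROUTING -i $EXT_IF -p tcp --dport 25 -j DNAT --to-destination $DMZ_RELAY:25
# eth0 is DHCP-assigned, so masquerade instead of SNAT to a fixed address.
-A POSTROUTING -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# EXT -> DMZ: only SMTP to the relay.
-A FORWARD -i $EXT_IF -o $DMZ_IF -p tcp -d $DMZ_RELAY --dport 25 -m state --state NEW -j ACCEPT
# DMZ -> INT: only the relay handing filtered mail to the internal server.
-A FORWARD -i $DMZ_IF -o $INT_IF -p tcp -s $DMZ_RELAY -d $INT_MAIL --dport 25 -m state --state NEW -j ACCEPT
# DMZ -> EXT: the relay may resolve DNS (assumed requirement).
-A FORWARD -i $DMZ_IF -o $EXT_IF -p udp -s $DMZ_RELAY --dport 53 -m state --state NEW -j ACCEPT
# INT -> EXT: LAN clients may open connections; INT -> DMZ: SMTP to the relay.
-A FORWARD -i $INT_IF -o $EXT_IF -m state --state NEW -j ACCEPT
-A FORWARD -i $INT_IF -o $DMZ_IF -p tcp -d $DMZ_RELAY --dport 25 -m state --state NEW -j ACCEPT
# No EXT -> INT rule exists: the FORWARD DROP policy blocks that path.
COMMIT
EOF
}

# Count NEW-connection FORWARD rules from interface $1 to interface $2.
forward_rules_between() {
    dmz_ruleset | grep -c -- "^-A FORWARD -i $1 -o $2 "
}
```

Piping `dmz_ruleset` into `iptables-restore --test` parses the ruleset without committing it; `forward_rules_between eth2 eth1` is a quick audit that only one path leads from the DMZ into the internal network.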

