Linux Netfilter discussions
From: Michael Gale <michael.gale@pason.com>
To: netfilter@lists.netfilter.org
Subject: Re: DMZ howto
Date: Thu, 22 Sep 2005 14:16:53 -0600
Message-ID: <43331135.20705@pason.com>
In-Reply-To: <43330FF9.30106@pason.com>

Hey,

    I should clarify that the mail server in the DMZ would not be your 
IMAP / POP server. It would handle the AV and SPAM and then forward good 
mail to your internal corporate mail server.

Michael

Michael Gale wrote:

> Hello,
>
>    A DMZ / SSN (Separate secure network) is where you would put 
> servers that require access from internally and externally.
>
> So for example you set up a firewall with 3 interfaces:
>
> External
> DMZ
> Internal
>
> Now on the DMZ you may place your company mail server for example. All 
> mail from the Internet would come in and be forwarded to the server in 
> the DMZ. This way if the mail server is compromised the intruder will 
> not have gained access to your internal corporate network. A company 
> web server would be another example, but not an intranet web server.
>
> The firewall rules between EXT <=> DMZ should be as secure as 
> possible, same with DMZ<=>INT.
>
> I hope this helps clear some things up a little.
>
> Michael
>
> P theodorou wrote:
>
>> Hello
>>
>> I want to achieve the firewall script in the official iptables tutorial
>> 1.20 version practices here 
>> http://iptables-tutorial.frozentux....MZ.firewall.txt
>>
>> typically a well known set up is
>> to receive traffic from the ISP via dhcp which assigns IP to eth0
>> and eth0 forwards traffic to eth1 (NAT) which is the default gateway 
>> for a laptop.
>>
>> Now the machine has eth0 eth1 and eth2 so far we have spoken
>> for eth1. Eth2 I wanted to be a DMZ for servers who need passive 
>> connections
>> FTP etc...
>>
>> The concept of DMZ confuses me, can you suggest any resources
>> for the topic?
>>
>> Really appreciated
>>
>>
>>
>
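
The three-interface layout with a DMZ mail relay discussed in this message, written out as a FORWARD policy; this is an added example, not part of the original post or of the iptables tutorial. The interface roles (eth0 external, eth1 internal, eth2 DMZ) follow the thread; both host addresses and the helper names are assumptions, and NAT rules are left out.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: eth0 = external,
# eth1 = internal, eth2 = DMZ; both addresses below are constructed.
EXT_IF=eth0
INT_IF=eth1
DMZ_IF=eth2
DMZ_RELAY=192.168.2.25   # assumed: AV/spam relay in the DMZ
INT_MAIL=192.168.1.25    # assumed: internal IMAP/POP mail server

# Print a filter table in iptables-restore format.
dmz_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# EXT => DMZ: Internet mail may reach only the relay, only on SMTP.
-A FORWARD -i $EXT_IF -o $DMZ_IF -d $DMZ_RELAY -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# DMZ => INT: the relay may hand mail to the internal server, nothing else.
-A FORWARD -i $DMZ_IF -o $INT_IF -s $DMZ_RELAY -d $INT_MAIL -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# INT => DMZ: internal hosts may reach the relay on SMTP.
-A FORWARD -i $INT_IF -o $DMZ_IF -d $DMZ_RELAY -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# INT => EXT: internal clients may open connections outward.
-A FORWARD -i $INT_IF -o $EXT_IF -m conntrack --ctstate NEW -j ACCEPT
# Everything else, including any other DMZ => INT traffic, is logged
# and then dropped by the FORWARD policy.
-A FORWARD -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Count ACCEPT rules that let the DMZ open connections into the internal
# network; a compromised relay can use exactly these paths and no others.
count_dmz_to_int() {
    dmz_ruleset | grep -c -e "-i $DMZ_IF -o $INT_IF .*-j ACCEPT"
}

dmz_ruleset   # as root, pipe into 'iptables-restore --test' to validate
```
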

