 From:  Max Khitrov <mkhitrov at umd dot edu>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ by IP?
 Date:  Sun, 05 Dec 2004 10:23:17 -0500
Chris Buechler wrote:

>A publicly accessible host is not the same thing as a DMZ.  You can
>configure inbound NAT to the LAN to accomplish what you are talking
>about.
>
>A DMZ would be a separate network on a 3rd interface, isolated from
>LAN access as much as possible.
>
Hmm... So does DMZ for m0n0wall do something else than the DMZ ports on 
things like Linksys and D-Link routers? See, the problem I ran into when 
trying to configure port forwarding on my old D-Link is that some 
programs wouldn't use the same ports all the time, sometimes I couldn't 
figure out what ports were being used in the first place, and then there 
were some other things. So in the end, the only way to access everything 
on my server was to specify its IP in the DMZ config and any ports that 
weren't forwarded specifically would just go to that DMZ host. Not to 
mention that on my D-Link the DMZ host wasn't isolated from the rest of 
the network, so I'm not sure what that's all about.

Now I've looked into NAT config, but that just seems to be the same 
problem I've had before; it will just be very hard to specify each and 
every port I need to be forwarded, and there doesn't seem to be a way to 
specify that any unforwarded port should go as is to that specific IP. 
Any more suggestions?