Kevin Tollison wrote:

>>       Internet
>>          |
>>        m0n0 --- DMZ (httpd)  <-- Planned to add
>>          |
>>    (AP + switch)
>>          |
>>   Internal Network
>>
>> But, how do I add the DMZ in, cuz I couldn't find the DMZ function
>> around. I understand that DMZ is dangerous, exposed and outcast and
>> stuffs like that, but can it be done with only one internet IP
>> address? Then how does the firewall know where to direct the 65535
>> ports to?
>
> Safest thing would be to add another NIC to the m0n0wall. Do not
> allow any traffic from the OPT1 to the LAN.

See above. The default behavior will be to allow LAN -> OPT1, but not OPT1 -> LAN.

Once you have configured the DMZ subnet (will be different than LAN subnet) you will be able to define NAT and Firewall rules to allow forwarding of traffic from WAN IP to a host IP on DMZ. If you use the default LAN subnet of 192.168.1.0/24, use something like 172.16.1.0/24 for your DMZ.

Because of the default behavior above, hosts on your LAN will be able to access resources on the DMZ. I would also consider moving the AP to the DMZ, unless you have it secured.

_________________________________
James W. McKeand
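The policy James describes (LAN -> OPT1 allowed, OPT1 -> LAN not, one WAN IP with a NAT port forward to the DMZ httpd host), modelled as a small first-match rule evaluator. This is an added illustration, not code from the thread or from m0n0wall itself; the WAN address, the httpd host address and the two explicit OPT1 rules are assumptions, and the subnets are the ones suggested in the reply.

```python
import ipaddress

# Constructed model of the layout in the thread: LAN 192.168.1.0/24, DMZ on
# OPT1 172.16.1.0/24, a single public WAN IP. The WAN IP (TEST-NET-3) and the
# httpd host address are assumptions for illustration.
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("172.16.1.0/24")
WAN_IP = ipaddress.ip_address("203.0.113.10")
HTTPD = ipaddress.ip_address("172.16.1.10")

# Inbound NAT (port forward): (proto, external port) -> (DMZ host, local port).
# This is how a single public IP "knows where to send" one particular port.
PORT_FORWARDS = {("tcp", 80): (HTTPD, 80)}

# Filter rules, first match wins, implicit deny at the end:
# (inbound interface, destination network/address or None for any, port or None, action)
RULES = [
    ("wan",  HTTPD, 80,   "pass"),   # only the forwarded web traffic reaches httpd
    ("lan",  None,  None, "pass"),   # default LAN rule: LAN -> any, so LAN -> OPT1 works
    ("opt1", LAN,   None, "block"),  # assumed explicit rule: never OPT1 -> LAN
    ("opt1", None,  None, "pass"),   # assumed: the DMZ may still reach the Internet
]

def interface_of(addr):
    """Map a source address to the m0n0wall interface it arrives on."""
    if addr in LAN:
        return "lan"
    if addr in DMZ:
        return "opt1"
    return "wan"

def decide(proto, src, dst, dport):
    """Return (action, final destination, final port) for a new connection."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    in_if = interface_of(src)
    # NAT runs before the filter: rewrite WAN-bound packets that match a forward.
    if in_if == "wan" and dst == WAN_IP:
        fwd = PORT_FORWARDS.get((proto, dport))
        if fwd is None:
            return ("block", str(dst), dport)  # no forward for this port: dropped
        dst, dport = fwd
    for rule_if, rule_dst, rule_port, action in RULES:
        if rule_if != in_if:
            continue
        if isinstance(rule_dst, ipaddress.IPv4Network) and dst not in rule_dst:
            continue
        if isinstance(rule_dst, ipaddress.IPv4Address) and dst != rule_dst:
            continue
        if rule_port is not None and rule_port != dport:
            continue
        return (action, str(dst), dport)
    return ("block", str(dst), dport)  # implicit deny
```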