 
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0wall with linksys wrt54g?.
 Date:  Mon, 17 Jan 2005 16:38:50 -0500
Kevin Tollison wrote:
>>    Internet
>>       |
>>     m0n0**>|>--- DMZ (httpd) <-- Planned to add
>          |
>> (AP + switch)**
>>       |
>>       |
>> Internal Network
>> 
>> *But, how do i add the DMZ in, cuz i couldn't find the DMZ function
>> around. I understand that DMZ is dangerous, exposed and outcast and
>> stuffs like that, but can it be done with only one internet ip
>> address? Then how does the firewall know where to direct the 65535
>> ports to?
> 
> Safest thing would be to add another NIC to the m0n0wall.  Do not
> allow any traffic from the OPT1 to the LAN.  See above

The default behavior will be to allow LAN -> OPT1, but not OPT1 ->
LAN. 

Once you have configured the DMZ subnet (it will be different from the
LAN subnet) you will be able to define NAT and firewall rules to allow
forwarding of traffic from the WAN IP to a host IP on the DMZ. If you
use the default LAN subnet of 192.168.1.0/24, use something like
172.16.1.0/24 for your DMZ. Because of the default behavior above,
hosts on your LAN will be able to access resources on the DMZ.

I would also consider moving the AP to the DMZ, unless you have it
secured.

_________________________________
James W. McKeand
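Added example, not from the thread or from m0n0wall itself: a small Python model of the three-interface policy described above (LAN may reach the OPT1/DMZ, DMZ may not reach LAN, one port forward from the single WAN IP to a DMZ web host), useful for checking what a rule set actually exposes before deploying it. The WAN address 203.0.113.10 and DMZ host 172.16.1.80 are assumed, and the rule syntax is the example's own, not m0n0wall's config format.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed layout from the thread: m0n0wall default LAN 192.168.1.0/24,
# DMZ 172.16.1.0/24 on OPT1, one public IP on WAN (addresses assumed).
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("172.16.1.0/24"),
}
WAN_IP = ipaddress.ip_address("203.0.113.10")    # assumed public WAN address
DMZ_HTTPD = ipaddress.ip_address("172.16.1.80")  # assumed DMZ web server

def zone_of(ip):
    """Map an address to LAN/DMZ by subnet; anything else is treated as WAN."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"

@dataclass
class Rule:
    action: str                                  # "pass" or "block"
    src_zone: str
    dst_zone: str
    dst_ip: Optional[ipaddress.IPv4Address] = None   # None = any host
    dst_port: Optional[int] = None                   # None = any port

# Policy as described: LAN -> OPT1 allowed, OPT1 -> LAN blocked, and a single
# forwarded port to the DMZ web host. Anything not matched is denied.
RULES = [
    Rule("pass", "LAN", "DMZ"),
    Rule("block", "DMZ", "LAN"),
    Rule("pass", "WAN", "DMZ", DMZ_HTTPD, 80),   # the NAT port forward
]

def translate(dst_ip, dst_port):
    """Inbound NAT: only WAN_IP:80 is rewritten to the DMZ host; nothing else."""
    if dst_ip == WAN_IP and dst_port == 80:
        return DMZ_HTTPD
    return dst_ip

def allowed(src, dst, port):
    """First-match evaluation after NAT; default deny when no rule matches."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = translate(ipaddress.ip_address(dst), port)
    s, d = zone_of(src_ip), zone_of(dst_ip)
    for r in RULES:
        if (r.src_zone, r.dst_zone) == (s, d) and r.dst_ip in (None, dst_ip) \
                and r.dst_port in (None, port):
            return r.action == "pass"
    return False
```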