 From:  Vittore Zen <drzen at gamebox dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  DMZ - confirm config
 Date:  Mon, 31 Jan 2005 09:37:40 +0100
Hi,

my LAN

internet <-> (ip1)  m0n0 (ip2) <-> LAN
                     |
                   (ip3)
                    DMZ

ip1: 200.200.200.1 (e.g. a static IP from an ADSL IP range)
ip2: 10.0.0.1
ip3: 10.10.0.1

Now, I have server1, an SMTP+POP3 server, in the DMZ.
This server has public IP ip4 200.200.200.2 (DMZ IP is 10.10.0.2).

I do this:
1. create a proxy ARP entry for 200.200.200.2
2. add a rule to the WAN interface to pass any traffic to 10.10.0.2
3. add a rule to pass any traffic from DMZ to any (WAN and LAN)
4. add a nat server
5. add a 1:1 NAT 10.10.0.2-200.200.200.2

Additional steps:

6. modify internal DNS to say that server1 is 10.10.0.2
7. modify external DNS to say that server1 is 200.200.200.2

(note that SMTP/POP3 are used by both internal and external users)

Are these correct? Are these secure?

Thanks in advance.
v
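
Added example (not part of the original post, and not m0n0wall's own code): a simplified model of the filter rules from steps 2 and 3, evaluated as per-interface, first-match rules with default deny for new connections, to show which zone-to-zone flows they admit. The /24 masks, the probe flows, and the TIGHTER rule set are assumptions made for illustration; LAN-side rules are not described in the post and are not modeled.

```python
import ipaddress as ip

# Assumed /24 masks: the post gives only the interface addresses.
NETS = {"LAN": ip.ip_network("10.0.0.0/24"), "DMZ": ip.ip_network("10.10.0.0/24")}
MAIL = ip.ip_address("10.10.0.2")  # server1's DMZ address from the post

def zone(addr):
    """Interface a packet from addr arrives on; anything unknown is WAN."""
    a = ip.ip_address(addr)
    return next((z for z, n in NETS.items() if a in n), "WAN")

def allowed(rules, src, dst, port):
    """Simplified model: per-interface rules, first match wins, default deny."""
    d = ip.ip_address(dst)
    for iface, action, dst_ok, ports in rules:
        if iface == zone(src) and dst_ok(d) and (ports is None or port in ports):
            return action == "pass"
    return False

# Steps 2 and 3 as written in the post (ports=None means any port).
AS_POSTED = [
    ("WAN", "pass", lambda d: d == MAIL, None),
    ("DMZ", "pass", lambda d: True, None),
]
# Hypothetical tightening: mail ports only, and DMZ may not open flows to LAN.
TIGHTER = [
    ("WAN", "pass", lambda d: d == MAIL, {25, 110}),
    ("DMZ", "block", lambda d: d in NETS["LAN"], None),
    ("DMZ", "pass", lambda d: True, None),
]
# Constructed probe flows (src, dst after NAT, TCP port).
FLOWS = [
    ("198.51.100.7", "10.10.0.2", 25),   # external SMTP to server1
    ("198.51.100.7", "10.10.0.2", 22),   # external host, non-mail port
    ("10.10.0.2", "10.0.0.50", 445),     # server1 opening a flow into LAN
    ("10.10.0.2", "203.0.113.9", 25),    # server1 sending mail out
]

def audit(rules):
    return [allowed(rules, *f) for f in FLOWS]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("tighter", TIGHTER)):
        for flow, ok in zip(FLOWS, audit(rules)):
            print(f"{name:10} {flow} -> {'pass' if ok else 'block'}")
```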