[ previous ] [ next ] [ threads ]
 
 From:  Don Munyak <don dot munyak at gmail dot com>
 To:  Ugo Bellavance <ugob at camo dash route dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Configuring OPT for LAN access only
 Date:  Mon, 18 Apr 2005 20:57:38 -0400
> > My plan is to make the test server visible from the LAN but not the WAN.
> >
> 
> Ok, but why do you put it in the DMZ then?
> 

The purpose of putting it in the DMZ is first to test, then make live.
I just don't want to be attacked until I've worked out the bugs. I am
basically trying to move our servers off the LAN onto the DMZ and
since I'm the only fish (admin) in my fish bowl, this forum is where I
bounce my ideas.

Thanks

-Don



On 4/18/05, Ugo Bellavance <ugob at camo dash route dot com> wrote:
> Don Munyak wrote:
> > This is probably a noob question, but I just want to confirm first.
> >
> > I have setup m0n0wall v1.11 with three interfaces, WAN, LAN, DMZ. I
> > have not yet moved any servers from the LAN over to the DMZ. The NAT
> > 1:1 is currently coming into specific LAN servers.
> >
> > Our LAN network is 192.168.222.0 /24
> > The DMZ network is 192.168.10.0 /24
> > Test server 192.168.10.5 /24
> >
> > I want to put a test webserver on the DMZ, but I don't want to make it
> > public, nor suseptable to WAN traffic. By simply not specifying any
> > NAT or Server settings will allow the server on the DMZ network to
> > remain invisible to internet traffic...Correct ??
> 
> Yes.  You can even enforce a firewall rule if you want.
> 
> >
> > The next step of testing I was planning to add an entry in one of our
> > internal DNS servers with a static router in m0n0wall for accessing
> > the webserver. Does this sound reasonable ?
> >
> 
> It works here.
> 
> > My plan is to make the test server visible from the LAN but not the WAN.
> >
> 
> Ok, but why do you put it in the DMZ then?
> 
> > Thanks
> >
> > - Don
> 
> Ugo
> 
> (I'm a newbie too, please correct me if i'm wrong)
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>