[ previous ] [ next ] [ threads ]
 
 From:  Christoph hanle<christoph dot hanle at leinpfad dot de>
 To:  "Peter van Eck"<peter at vaneckonline dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ static route
 Date:  Thu, 9 Mar 2006 13:11:48 +0100 (MET) 
----- original Nachricht --------

Betreff: [m0n0wall] DMZ static route
Gesendet: Do 09 Mär 2006 12:23:19 MET
Von: "Peter van Eck" <peter at vaneckonline dot net>

> 
> Hi,
> 
> I've got m0n0wall 1.21 on a  3 interface soekris 4801.
> 
> What I would like/need is to create DMZ zone. currently I've got
> a wired LAN , Wireless LAN and the WAN interface configured in M0n0wall.
> 
> Is it advisable to create the DMZ in the Wired LAN behind a 2nd 
> router/firewall using static routes in M0n0wall ?
No.
It is possible, but not advisable.
If  you don't have the possibility to use a router with four interfaces WAN/ Wireless / DMZ and Lan
and you have to use two routers do following:
Wan-side use a firewall with two interfaces (WAN and DMZ) and on LAN-side use a Firewall with three
interfaces (DMZ / wireless and LAN).
always with two Firewall nating etc. is tricky but possible.
bye
Christoph

> 
> the DMZ will have mail /web server /DNS servers open for public as well  
> as being accessed by  the LANS for imap/smtp  and squid outgoing proxy...
> 
> thanks,
> 
> Peter
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 

--- original Nachricht Ende ----