 From:  Jim Gifford <jim at giffords dot net>
 To:  M0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] DMZ help
 Date:  Thu, 1 Apr 2004 12:04:01 -0500
On Wed, Mar 31, 2004 at 10:39:52PM -0800, steven murphy wrote:
> OK, I need specifics to get a DMZ network set up on a 4501, or m0n0wall
> box with 3 NICs.
> 

As I wrote before:

1. Make sure you have at least 3 network cards
2. Assign one to WAN
3. Assign one to LAN
4. Assign the rest to OPT1 .. OPTwhatever
5. Log into the web GUI
6. Find the interface for OPT1 and give it the name 'DMZ'
7. Configure your firewall rules for your DMZ zone.

These are exactly the steps you need to take.

You assign your interfaces from the console with option number 1 from the
console setup menu.  It asks which interface you want to use for LAN,
then WAN, then OPT1 and so on.  Simply give sis0 for LAN, sis1 for WAN,
and sis2 for OPT1.

Then, wire the ports to the correct networks.

Then, connect a client machine to the LAN and let it DHCP an address.

Then, connect to 192.168.1.1 with your web browser.

Under "Interfaces", find OPT1 and click on it.

Click on "Enable Optional 1 interface" and in the description field, put
"DMZ".  Tell it to bridge with none, and give it a different IP subnet
than you are using for LAN and WAN.  Click Save.

You now have a DMZ with all traffic blocked, although LAN can access DMZ.
You then need to configure your firewall rules to permit the traffic you
want in and out of DMZ.

There are other ways of configuring DMZ; this is just one of the simplest
ways.

Hope this helps,
jim
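
A planning check for the setup described in the message above, added here as an example; it is not part of the original post and is not m0n0wall code. It verifies that the DMZ subnet differs from LAN and WAN and models the stated starting posture (LAN can reach DMZ, DMZ traffic is blocked) with a simplified first-match, default-block rule list. Only 192.168.1.1 comes from the message; the prefix lengths, the WAN and DMZ ranges, and all function names are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan (assumption): LAN is taken as the /24 around
# 192.168.1.1 from the message; WAN uses a documentation range.
PLAN = {
    "LAN": "192.168.1.0/24",
    "WAN": "203.0.113.0/24",
    "DMZ": "192.168.2.0/24",
}

def overlaps(plan):
    """Return the pairs of interfaces whose subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def zone_of(addr, plan):
    """Name of the interface whose subnet contains addr, else None."""
    ip = ipaddress.ip_address(addr)
    for name, cidr in plan.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return None

# Simplified model (assumption): each rule is (arriving interface,
# destination zone or "any"); the first match passes the traffic and
# anything unmatched is blocked. The single rule is the starting state
# the message describes: LAN can reach DMZ, DMZ has no pass rules yet.
RULES = [("LAN", "any")]

def permitted(src, dst, plan, rules):
    """True if traffic from src to dst is passed under the model."""
    src_zone, dst_zone = zone_of(src, plan), zone_of(dst, plan)
    return any(iface == src_zone and target in ("any", dst_zone)
               for iface, target in rules)

if __name__ == "__main__":
    print("overlapping subnets:", overlaps(PLAN) or "none")
    for src, dst in [("192.168.1.50", "192.168.2.10"),
                     ("192.168.2.10", "192.168.1.50")]:
        verdict = "pass" if permitted(src, dst, PLAN, RULES) else "block"
        print(f"{zone_of(src, PLAN)} -> {zone_of(dst, PLAN)}: {verdict}")
```

Rules added for step 7 can be appended to `RULES` and re-checked the same way before they are entered in the web GUI.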