 
 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'Jim Gifford'" <jim at giffords dot net>, "'steven murphy'" <murphy at imelectronic dot com>
 Cc:  M0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] DMZ help
 Date:  Fri, 2 Apr 2004 10:25:00 +0200
> -----Original Message-----
> From: Jim Gifford [mailto:jim at giffords dot net]
> Sent: Thursday 1 April 2004 19:04
> To: M0n0wall
> Subject: Re: [m0n0wall] DMZ help
> 
> 
> On Wed, Mar 31, 2004 at 10:39:52PM -0800, steven murphy wrote:
> > OK, I need specifics to get a DMZ network set up on a 4501, or m0n0wall
> > box with 3 NICs.
> > 
> 
> As I wrote before:
> 
> 1. Make sure you have at least 3 network cards
> 2. assign one to WAN
> 3. assign one to LAN
> 4. assign the rest to OPT1 .. OPTwhatever
> 5. log into web gui
> 6. find the interface for OPT1 and give it the name 'DMZ'
> 7. configure your firewall rules for your DMZ zone.
> 
> These are exactly the steps you need to take.
> 
> You assign your interfaces from the console with option number 1 from the
> console setup menu.  It asks which interface you want to use for LAN,
> then WAN, then OPT1 and so on.  Simply give sis0 for LAN, sis1 for WAN,
> and sis2 for OPT1.
> 
> Then, wire the ports to the correct networks.
> 
> Then, connect a client machine to the LAN and let it DHCP an address.
> 
> Then, connect to 192.168.1.1 with your web browser.
> 
> Under "Interfaces", find OPT1 and click on it.
> 
> Click on "Enable Optional 1 interface" and in the description field, put
> "DMZ".  Tell it to bridge with none, and give it a different IP subnet
> than you are using for LAN and WAN.  Click Save.
> 
> You now have a DMZ with all traffic blocked, although LAN can access DMZ.
> You then need to configure your firewall rules to permit the traffic you
> want in and out of DMZ.
> 
> There are other ways of configuring DMZ, this is just one of the simplest
> ways.
> 
> hope this helps,
> jim

One thing to keep in mind: the DMZ functionality in the above description is
not the same as the one in commercial home broadband-routers, which forward
all ports to the 'DMZ host'.

Regards,
Joachim

