 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'murphy at BWG4 dot local'" <murphy at BWG4 dot local>
 Cc:  M0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] DMZ help
 Date:  Mon, 5 Apr 2004 14:04:33 +0200
You will need to add rules that apply on the WAN interface and have 'any' as
source and the DMZ subnet as destination ('any' protocol too).

I don't get why you would put a firewall there if you will pass all traffic?

Joachim

> -----Original Message-----
> From: murphy at BWG4 dot local [mailto:murphy at BWG4 dot local]
> Sent: Friday 2 April 2004 21:24
> To: Christiaens Joachim
> Cc: M0n0wall
> Subject: RE: [m0n0wall] DMZ help
> 
> 
> yes, I've gotten that far, but what rules do I need to add 
> for all the traffic to get passed both ways on my DMZ named interface? 
> 
> 
> Christiaens Joachim <jchristi at oce dot be> wrote ..
> > 
> > 
> > > -----Original Message-----
> > > From: Jim Gifford [mailto:jim at giffords dot net]
> > > Sent: Thursday 1 April 2004 19:04
> > > To: M0n0wall
> > > Subject: Re: [m0n0wall] DMZ help
> > > 
> > > 
> > > On Wed, Mar 31, 2004 at 10:39:52PM -0800, steven murphy wrote:
> > > > ok i need specifics to get a DMZ network set up on a 4501, or m0n0wall
> > > > box with 3 NIC's.
> > > > 
> > > 
> > > As I wrote before:
> > > 
> > > 1. Make sure you have at least 3 network cards
> > > 2. assign one to WAN
> > > 3. assign one to LAN
> > > 4. assign the rest to OPT1 .. OPTwhatever
> > > 5. log into web gui
> > > 6. find the interface for OPT1 and give it the name 'DMZ'
> > > 7. configure your firewall rules for your DMZ zone.
> > > 
> > > These are exactly the steps you need to take.
> > > 
> > > You assign your interfaces from the console with option number 1 from the
> > > console setup menu.  It asks which interface you want to use for LAN,
> > > then WAN, then OPT1 and so on.  Simply give sis0 for LAN, sis1 for WAN,
> > > and sis2 for OPT1.
> > > 
> > > Then, wire the ports to the correct networks.
> > > 
> > > Then, connect a client machine to the LAN and let it DHCP an address.
> > > 
> > > Then, connect to 192.168.1.1 with your web browser.
> > > 
> > > Under "Interfaces", find OPT1 and click on it.
> > > 
> > > Click on "Enable Optional 1 interface" and in the description field, put
> > > "DMZ".  Tell it to bridge with none, and give it a different IP subnet
> > > than you are using for LAN and WAN.  Click Save.
> > > 
> > > You now have a DMZ with all traffic blocked, although LAN can access DMZ.
> > > You then need to configure your firewall rules to permit the traffic you
> > > want in and out of DMZ.
> > > 
> > > There are other ways of configuring DMZ, this is just one of the simplest
> > > ways.
> > > 
> > > hope this helps,
> > > jim
> > 
> > 1 thing to keep in mind: the DMZ functionality in the above description is
> > not the same as the one in commercial home broadband-routers, which forward
> > all ports to the 'DMZ host'.
> > 
> > Regards,
> > Joachim


-----------------------------------------------
MISSION STATEMENT 
-----------------------------------------------
Oce enables its customers to manage their documents efficiently and
effectively by offering innovative print and document management products
and services for professional environments.

-----------------------------------------------
DISCLAIMER 
-----------------------------------------------
This e-mail message and any attachment are intended for the sole use of the
recipient(s) named above and may contain information which is confidential
and/or protected by intellectual property rights.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form) by
other persons than the designated recipient(s) is prohibited.

If you have received this e-mail in error, please notify the sender either
by telephone (0032-2-729.48.11) or by e-mail and delete the material from
any computer.
Oce-Belgium/Oce-Interservices is not responsible for the correct and
complete transfer of the contents of the sent e-mail, neither for the
receipt on due time.  This e-mail message does not bring about a contractual
obligation for Oce-Belgium/Oce-Interservices.

Thank you for your cooperation.

For further information about Oce-Belgium/Oce-Interservices please see our
website at www.oce.be

-----------------------------------------------
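
Added example (not part of the original thread, and not m0n0wall code): a simplified model of per-interface, first-match filtering with an implicit default block, comparing the any-to-DMZ rule on WAN described above with a ruleset that passes only named services. The DMZ subnet, host addresses, ports and probe list are constructed sample values, and state tracking of return traffic is not modelled.

```python
# Added illustration: simplified rule model, all addresses are sample values.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
LAN_NET = ip_network("192.168.1.0/24")      # assumed /24 around 192.168.1.1
DMZ_NET = ip_network("192.168.2.0/24")      # assumed DMZ subnet
WEB, MAIL = "192.168.2.10", "192.168.2.20"  # constructed DMZ hosts

@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    iface: str                    # interface the packet arrives on
    proto: str                    # "tcp", "udp" or "any"
    src: object                   # source network
    dst: object                   # destination network
    dport: Optional[int] = None   # None means any destination port

    def matches(self, iface, proto, src, dst, dport):
        return (self.iface == iface and self.proto in ("any", proto)
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.dport in (None, dport))

def allowed(rules, iface, proto, src, dst, dport):
    """First matching rule decides; a packet matching no rule is blocked."""
    for rule in rules:
        if rule.matches(iface, proto, src, dst, dport):
            return rule.action == "pass"
    return False

BASE = [Rule("pass", "lan", "any", LAN_NET, ANY)]   # LAN may reach anything
PASS_ALL = BASE + [Rule("pass", "wan", "any", ANY, DMZ_NET)]
NARROW = BASE + [
    Rule("pass", "wan", "tcp", ANY, ip_network(WEB + "/32"), 80),
    Rule("pass", "wan", "tcp", ANY, ip_network(MAIL + "/32"), 25),
]
# Constructed inbound connection attempts arriving on WAN: (proto, dst, port)
PROBES = [("tcp", WEB, 80), ("tcp", WEB, 22), ("tcp", MAIL, 25),
          ("tcp", "192.168.2.30", 3306), ("udp", WEB, 161)]

def exposed(rules, src="203.0.113.7"):
    """Return the WAN-side probes that the ruleset lets into the DMZ."""
    return [p for p in PROBES if allowed(rules, "wan", p[0], src, p[1], p[2])]

if __name__ == "__main__":
    for name, rules in (("pass-all", PASS_ALL), ("narrow", NARROW)):
        print(name, exposed(rules))
```

In this model, neither ruleset lets a DMZ host open a connection to the LAN, because no rule exists on the DMZ interface.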