A DMZ is a separate network from your LAN that should be locked down tight as it is exposed to the internet. As a rule of thumb ANY box that sits in a DMZ should be patched with the latest security fixes. Also any AND all unnecessary daemons should be disabled. Here is a link with a decent explanation of DMZs: http://www.pittech.com/dmz.htm

That said, as for firewall rules you should allow out only the ports needed from a server to the web. Example:

Outbound rules:
webserverA allow port 80 out
webserverB allow port 443 out

NAT rules:
NAT IP to webserverA
NAT IP to webserverB

Inbound rules:
allow 80 from any to webserverA
allow 443 from any to webserverB

Now as for your LAN segment to the DMZ rules:
allow ANY on LAN to DMZ (you can go crazy and allow only port level access here also)
DENY ALL from DMZ to LAN

--------- Original Message --------
From: Christian Hjalmarsson <christian at hjalmarsson dot net>
To: m0n0wall at lists dot m0n0 dot ch <m0n0wall at lists dot m0n0 dot ch>
Subject: [m0n0wall] DMZ
Date: 20/04/04 07:36

> How do I conf a DMZ network
> How should the rules look?
> Need as much info as you can get me :)
>
> --
> Best regards,
> Christian
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
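The ruleset from the reply above, written out as a first-match policy evaluator so each flow can be checked (an added example, not code from the m0n0wall list or project). All addresses are constructed placeholders; it also shows why the DMZ-to-LAN deny has to sit above the outbound allows in a first-match filter.

```python
# Added example, not from the m0n0wall post: a first-match evaluator that
# encodes the ruleset above so each flow can be checked. All addresses are
# constructed placeholders; "webserverA/B" are the post's names.
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN = ipaddress.ip_network("192.168.1.0/24")        # constructed LAN segment
DMZ = ipaddress.ip_network("10.0.0.0/24")           # constructed DMZ segment
ANY = ipaddress.ip_network("0.0.0.0/0")
WEBSERVER_A = ipaddress.ip_network("10.0.0.10/32")  # constructed (HTTP server)
WEBSERVER_B = ipaddress.ip_network("10.0.0.11/32")  # constructed (HTTPS server)

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]            # None matches any destination port

# Inbound (post-NAT) and outbound rules exactly as the post lists them.
INBOUND = [Rule("allow", ANY, WEBSERVER_A, 80), Rule("allow", ANY, WEBSERVER_B, 443)]
OUTBOUND = [Rule("allow", WEBSERVER_A, ANY, 80), Rule("allow", WEBSERVER_B, ANY, 443)]
DMZ_TO_LAN_DENY = Rule("deny", DMZ, LAN, None)
LAN_TO_DMZ_ALLOW = Rule("allow", LAN, DMZ, None)

# Correct order: the DMZ -> LAN deny goes BEFORE the outbound allows, because
# "ANY" as a destination also covers the LAN and the first match wins.
RULES = [DMZ_TO_LAN_DENY] + INBOUND + OUTBOUND + [LAN_TO_DMZ_ALLOW]
# Tempting but wrong order (deny listed last, in the order the post's prose gives).
RULES_DENY_LAST = INBOUND + OUTBOUND + [LAN_TO_DMZ_ALLOW, DMZ_TO_LAN_DENY]

def evaluate(src: str, dst: str, dport: int, rules=RULES) -> str:
    """Return the action of the first matching rule; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and (r.dport is None or r.dport == dport):
            return r.action
    return "deny"   # implicit default deny at the end of every ruleset

if __name__ == "__main__":
    flows = [("203.0.113.5", "10.0.0.10", 80), ("203.0.113.5", "10.0.0.10", 22),
             ("10.0.0.10", "198.51.100.7", 80), ("10.0.0.10", "192.168.1.20", 80)]
    for f in flows:
        print(f, "ordered:", evaluate(*f), "deny-last:", evaluate(*f, RULES_DENY_LAST))
```

The last flow (webserverA to a LAN host on port 80) is the one to watch: with the deny listed last it is allowed by webserverA's outbound rule, so the deny must come first.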