Rodman Frowert wrote:
> Melvin wrote:
>> As you've already pointed out you could add another NIC, but from the
>> sounds of things your concept of the DMZ doesn't really match what I
>> would expect either. DMZ would normally indicate public servers with
>> some protection from the outside, but accessible to everyone. Why
>> would you have the portal enabled there? Perhaps I've just missed
>> the point, but I would expect to see it enabled on the LAN side, not
>> the DMZ. If you wanted multiple LAN segments, then it might make
>> sense, but then I wouldn't expect to see servers in that group.
> The reason I have a captive portal enabled in the DMZ is because it is
> being used as a public hotspot for wi-fi internet access. My LAN is
> only used for my employees so I have no need for a portal in there.
> Obviously, I needed an area to put the hotspot so that it was off my
> LAN and the DMZ seemed to be like the best logical place. I am
> wanting to add a few servers into the DMZ now (i.e. web, dns, mail,
> It will probably make more sense now to add another NIC to the box
> setting up a second DMZ for the servers...
OK. I agree that this is an issue if the hotspot is there, but I would
be concerned about putting servers on that leg, essentially for the same
reason I wouldn't want the hotspot on the LAN. I think the new NIC is
the best solution. I also see how not being able to ping things there
would be an issue. Perhaps rather than only blocking certain ports, a
better choice would be the ability to allow specific ports/protocols,
which you would define as whatever your choice for diagnostics would be.
Sleepy Dragon Enterprises
Do not meddle in the affairs of dragons, for
you are crunchy, and taste good with ketchup!