> What are mandatory DMZ rules to apply when using mail, www & ftp servers
> in DMZ?
> WAN - - - - -|Mono| - - - - - LAN
> Workstations on the LAN & WAN can/may contact the servers in DMZ.
> A simple question with a lot of possible answers...
Mandatory rules... well, there are quite a few options depending on
how much security you want to enforce.
It all depends on what configuration your mail, www, ftp servers are
running. What services are running on your mail server? Is the www
server running HTTPS? Is your FTP server set up to use passive mode
(PASV)? If it is, what is the port range that it's allocated for PASV
connections? In some FTP servers, you can specify a port range to
tell the FTP server only to use those ports when telling a client to
make a PASV connection. If you can't, the default (which will
seriously expose your server) is 1024-65535.
Please give some insight into the internal IP of your server, services
running, ports, etc.
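
The PASV port-range point above, as an added example that is not part of the original post. It assumes vsftpd as the FTP server (the thread does not name one); the range 50000-50100 and the bracketed addresses are constructed placeholders.

```ini
# /etc/vsftpd.conf  (assumed server: vsftpd)

# Weak default: with both values left at 0, vsftpd picks any unprivileged
# port for passive data connections, so the firewall would have to pass
# 1024-65535 to the DMZ host.
#pasv_min_port=0
#pasv_max_port=0

# Restricted: passive data connections are confined to a small,
# known range (constructed values).
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100

# If the server is reached through NAT, the address handed to clients in
# the PASV reply must be the public one (placeholder, uncomment to use):
#pasv_address=<public-ip>

# Matching inbound rules toward the DMZ server, in generic form:
#   pass  TCP  any -> <ftp-server-ip>  port 21            (control channel)
#   pass  TCP  any -> <ftp-server-ip>  ports 50000-50100  (PASV data)
#   block everything else to <ftp-server-ip>
```

Size the range to the number of simultaneous transfers you expect, since each passive data connection takes one port from it.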