About Firewall configuration
edwardspl at ita.org.mo
Tue Apr 3 12:40:26 UTC 2007
aragonx at dcsnow.com wrote:
>>Hello,
>>
>>If all of the servers are NOT in the DMZ, then can they be assigned (use)
>>private IPs?
>>
>>
>
>Okay, DMZ adds a layer of complexity but really has no bearing on the
>private IP range.
>
>What is it you are trying to accomplish?
>
>Your DMZ can be behind your NAT box but does not have to be. Some DMZ
>setups look something like this:
>
>
>Internet
>    |
>    |
>    |
>    v
>Border router
>  |      |
>  |      |
>  |      |
>  v      v
>DMZ1   DMZ2   DMZ3 ...
>    |
>    |
>    |
>    v
>Internal firewall
>  |          |
>  |          |
>  |          |
>  v          v
>Computer1  Computer2  Computer3
>
>
>So, in this case, you can use either your border router or your internal
>firewall as your NAT box. Either will do but the border router might be a
>better choice.
>
>Of course your DMZ boxes should be single tasked. Therefore, each should
>only have 1 or so ports that are accessible from either your internal
>network or the Internet. There is much, much more to this though. Like,
>your DMZ boxes should not be allowed to initiate connections, especially
>to your internal network. There should be no connections coming in to the
>internal firewall from the Internet or the untrusted network. Etc...
>
>
What I mean is:
The server machine is not in the DMZ, so can it use a private IP only?
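
The policy described in the quoted reply (single-purpose DMZ hosts, no connections initiated from the DMZ or the Internet toward the internal network, NAT for the private range) can be written as a ruleset for the internal firewall in the diagram. This is an added example, not part of the thread; the interface names, subnets, DMZ host address and service port are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Every value below is an assumption.
DMZ_IF="${DMZ_IF:-eth0}"                # internal firewall's side facing the DMZ
LAN_IF="${LAN_IF:-eth1}"                # side facing Computer1..3
LAN_NET="${LAN_NET:-192.168.10.0/24}"   # private (RFC 1918) range for internal hosts
DMZ_NET="${DMZ_NET:-192.168.20.0/24}"   # DMZ range (private here, behind border NAT)
DMZ_HOST="${DMZ_HOST:-192.168.20.10}"   # one single-tasked DMZ box
DMZ_PORT="${DMZ_PORT:-80}"              # its one reachable service

# Print an iptables-restore ruleset for the internal firewall.
gen_rules() {
    cat <<EOF
*filter
# Default deny: nothing new reaches the firewall itself or crosses it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that were allowed out may come back.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internal hosts reach the DMZ box on its single service port only.
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $DMZ_HOST -p tcp --dport $DMZ_PORT -m conntrack --ctstate NEW -j ACCEPT
# Internal hosts may open connections to anything beyond the DMZ.
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET ! -d $DMZ_NET -m conntrack --ctstate NEW -j ACCEPT
# Connections initiated from the DMZ/Internet side are logged, then dropped by policy.
-A FORWARD -i $DMZ_IF -o $LAN_IF -m conntrack --ctstate NEW -j LOG --log-prefix "DMZ->LAN blocked: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# The internal firewall acts as the NAT box for the private range.
-A POSTROUTING -o $DMZ_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# "sh script.sh print" writes the ruleset to stdout; as root it can be
# syntax-checked without loading it: sh script.sh print | iptables-restore --test
case "${1:-}" in print) gen_rules ;; esac
```

The INPUT policy here also blocks new management connections to the firewall itself, so an explicit rule for that would be needed before loading it on a remotely administered box.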