Firewall Wizards mailing list archives
RE: DMZ or not ?
From: sean.kelly () lanston com
Date: Thu, 7 Oct 1999 14:32:59 -0400
> Currently, we're using Linux as a firewall box, with port forwarding to our mail server, which is behind the firewall. We are now in the process of installing a public web server and a DNS server. What are the advantages and disadvantages of placing these servers behind the firewall and performing NAT or port forwarding, instead of using a DMZ?
If you have a firewall with a couple ports, a good solution would be to put the web server in its own loop, protected by the firewall, and your LAN in another loop. This way, you can restrict access to the web server to, say, port 80, but if it's compromised the hacker doesn't gain access to your LAN.

With a simpler firewall (one port to the internet, one port to your LAN), I'd advise putting the webserver in the DMZ. Keep backups and if it's compromised you just reload from tape.

As for your DNS server... it depends on whether that server will be handling DNS stuff for machines on your LAN or just public machines. You might want a DNS server inside the firewall for internal machines and a second one outside for public IPs.

Sean
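
The segmented layout described in the reply above, sketched as an nftables forward policy for a three-interface Linux firewall. This is an added example, not part of the original message; the interface names and the web server address are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added illustration. Interface names and addresses are assumptions.
flush ruleset

define WAN_IF  = "eth0"        # Internet-facing port (assumed name)
define LAN_IF  = "eth1"        # internal LAN segment (assumed name)
define DMZ_IF  = "eth2"        # web server's own segment (assumed name)
define WEB_SRV = 192.0.2.10    # constructed documentation address

table inet filter {
    chain forward {
        # Anything not explicitly allowed between segments is dropped.
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows a rule below already permitted.
        ct state established,related accept
        ct state invalid drop

        # Internet -> web server: port 80 only.
        iifname $WAN_IF oifname $DMZ_IF ip daddr $WEB_SRV tcp dport 80 ct state new accept

        # LAN -> web server segment and LAN -> Internet.
        iifname $LAN_IF oifname { $DMZ_IF, $WAN_IF } ct state new accept

        # Web server segment -> LAN: never allowed to open connections.
        # Logged because a hit here suggests the web server is compromised.
        iifname $DMZ_IF oifname $LAN_IF ct state new log prefix "dmz-to-lan: " drop
    }
}
```

With the two-port firewall from the second paragraph there is no separate interface to match on, so the web server and the LAN cannot be isolated from each other this way.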