Re: Yet another DMZ question

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 28 Nov 2001 06:55:59 -0800

You've made the single most common mistake with DMZ setup; the DMZ NIC has
to be a literal subnet, not just a selected range of IPs.
Change the DMZ NIC mask to .192 or something even logically smaller, make
sure the selected IPs fit in that range and carry those settings to the
hosts in the DMZ.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG

----- Original Message -----
From: "Greg Frost" <gfrost@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, November 27, 2001 18:58
Subject: [isalist] Yet another DMZ question


I just finished Tom's book on ISA server configuration, and the firewall
seems to be functioning well. However, I am having trouble configuring the
DMZ in a 3 NIC configuration.

The current setup is:

NIC 1: ISA <-> Internet
NIC 2: ISA <-> Private Network
NIC 3: ISA <-> DMZ

ISP Information:

Netblock: 65.43.79.0/25
Subnet Mask: 255.255.255.128
Router: 65.43.79.126
Subnet Mask: 255.255.255.128
Available IPs: 65.43.79.1-65.43.79.125

The NICs are configured as follows:

NIC 1 (Internet Connection):
 IP: 65.43.79.100
 Subnet Mask: 255.255.255.128
 Router: 65.43.79.126

NIC 2 (Private Network):
 IP: 192.168.20.2
 Subnet Mask: 255.255.255.0
 Router: NONE

NIC 3 (DMZ):
 IP: 65.43.79.101
 Subnet Mask: 255.255.255.128
 Router: NONE

Off NIC 3, the DMZ NIC, there is a web server, but I am having trouble
getting access to it from the internet. What NIC configuration should I
have on the Web Server, and what kind of packet filter should I use?

Specific examples would be great, my brain is completely fried from many
overnight shifts.

Thank you

Greg
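
The subnet check described in the reply, as an added example that is not part of the original thread: it tests whether a DMZ NIC setting forms its own subnet and lists the sub-blocks of the ISP netblock that could serve as the DMZ. The addresses come from the post; the function names are hypothetical, and the rule that the DMZ subnet must exclude the external NIC and the ISP router is an assumption of this example.

```python
import ipaddress

# Addresses below are the ones posted in the thread.
ISP_BLOCK = ipaddress.ip_network("65.43.79.0/25")
EXTERNAL_NIC = ipaddress.ip_interface("65.43.79.100/255.255.255.128")
ROUTER = ipaddress.ip_address("65.43.79.126")
DMZ_NIC_AS_POSTED = ipaddress.ip_interface("65.43.79.101/255.255.255.128")


def dmz_problems(dmz_nic, external_nic=EXTERNAL_NIC, router=ROUTER):
    """Return the reasons a DMZ NIC setting is not a distinct subnet."""
    problems = []
    dmz_net = dmz_nic.network
    if dmz_net == external_nic.network:
        problems.append("DMZ NIC and external NIC are on the same subnet")
    # Assumption of this example: external NIC and router stay outside the DMZ.
    if external_nic.ip in dmz_net:
        problems.append("external NIC address falls inside the DMZ subnet")
    if router in dmz_net:
        problems.append("ISP router falls inside the DMZ subnet")
    if dmz_nic.ip in (dmz_net.network_address, dmz_net.broadcast_address):
        problems.append("DMZ NIC uses the network or broadcast address")
    return problems


def candidate_dmz_subnets(prefixlen, block=ISP_BLOCK,
                          external_nic=EXTERNAL_NIC, router=ROUTER):
    """Sub-blocks of the ISP block holding neither the external NIC nor the router."""
    return [net for net in block.subnets(new_prefix=prefixlen)
            if external_nic.ip not in net and router not in net]


def hosts_fit(subnet, host_ips):
    """True when every DMZ host address is a usable address in the subnet."""
    usable = set(subnet.hosts())
    return all(ipaddress.ip_address(ip) in usable for ip in host_ips)


if __name__ == "__main__":
    print("as posted:", dmz_problems(DMZ_NIC_AS_POSTED))
    # Changing only the mask to .192 while keeping .101 still overlaps:
    print(".101/.192:", dmz_problems(ipaddress.ip_interface("65.43.79.101/26")))
    for net in candidate_dmz_subnets(26):
        print("candidate:", net, "mask", net.netmask)
```

With a .192 mask the only sub-block clear of 65.43.79.100 and 65.43.79.126 is 65.43.79.0/26, so the DMZ NIC and the web server would both need addresses in 65.43.79.1-65.43.79.62.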
