RE: DMZ

  • From: "Steven Sporen" <sporens@xxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 11 Feb 2002 13:49:32 +0200

Hi,

If you received a class C or example (255.255.255.0 subnet mask) from
your service provider and have subnetted it into two smaller segments
for example.

ISP Network  Mask
172.16.1.0   255.255.255.0 

Your subnets:
Subnet 1     Mask          - You could use this for your 'public' side.
172.16.1.1   255.255.255.128

Subnet 2     Mask          - You could use this for your 'DMZ' side.
172.16.1.129 255.255.255.128

On your 'public' side you would need an address for your router to your
ISP and of course an address for your firewall, the router has to have a
route added for the 'DMZ' to route through your firewall, so you would
route traffic destined for the 'DMZ' side to the public address of the
firewall, likewise all the machines in your DMZ need to have a default
route configured to point to the firewall. The firewall should have a
default route to your ISP router. Your ISP router should have a default
route across the serial interface.

Hope this helps.

Regards
  Steven


-----Original Message-----
From: sonia urbaneja [mailto:sonia_villadiego@xxxxxxxx] 
Sent: 11 February 2002 12:22
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DMZ


http://www.ISAserver.org


Hi,

sorry, but I don´t understand this.

The upstream router is a provider´s one.

Must I have to specify anything to it?.

Best Regards,
Sonia.


--- "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
escribió: > http://www.ISAserver.org
>
>
> Hi Sonia,
>
> Make sure to configure your upstream router so that
> its aware of your
> DMZ segment.
>
> HTH,
> Tom
> www.isaserver.org/shinder
>
>
> -----Original Message-----
> From: sonia urbaneja
> [mailto:sonia_villadiego@xxxxxxxx]
> Sent: Monday, February 11, 2002 4:12 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] DMZ
>
> http://www.ISAserver.org
>
>
> Hi all,
>
> I have a range of public IP´s for my DMZ and
> Internet.
>
> I have done subnetting to divide this range, and I
> have a problem:
>
> I configure Packet Filters to route Internet traffic
> to DMZ, but it does not work, and I have a doubt:
>
> Must be subnet mask of Internet IPs and DMZ IPs
> different to route the traffic?.
>
> Thank you fot your help,
>
> Sonia.
>
>
_______________________________________________________________
> Do You Yahoo!?
> Yahoo! Messenger
> Comunicación instantánea gratis con tu gente. 
> http://messenger.yahoo.es
>
>
------------------------------------------------------
> You are currently subscribed to this ISAserver.org
> Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to 
> $subst('Email.Unsub')
>
>
------------------------------------------------------
> You are currently subscribed to this ISAserver.org
> Discussion List as: sonia_villadiego@xxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')

_______________________________________________________________
Do You Yahoo!?
Yahoo! Messenger
Comunicación instantánea gratis con tu gente. http://messenger.yahoo.es

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sporens@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


Other related posts: