Trouble with DMZ addressing - Please help!

  • From: "Pete Banham" <pete.banham@xxxxxxxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Mon, 6 Jan 2003 07:56:47 -0700

Hi,

I currently have one tri-homed ISA, a LAN and one machine I need on a DMZ
as a web server (port 8080 though).

I have 5 static usable IPs (2 illegal, 1 for the DSL router) so on a
x.x.x.x/29 network.  After reading some of Microsoft's docs about it,
I'm a little confused.  Currently my LAN has full access to the DMZ on
8080, but the internet does not.  Under packet filters, I have one for TCP
Inbound on 8080, destination set is the DMZ computer and applies to all
requests.  There's also a rule for http, https and ftp download which
allows any request.  There's also another for http and https which allows
from the DMZ computer.  My DMZ computer can access the DNS server (also
the firewall) and receive a valid response, but cannot use the browser.

The prob I'm confused about is having the DMZ on a separate network by
subnetting my public IPs.  Imagine x.x.x.88/29 as the network and mask my
provider has given me.  My router is at x.x.x.89/29 and my firewall's
external interface at x.x.x.90/29 - What I have done (not sure if it's
right) is use the DMZ interface on the firewall as x.x.x.93/30 and the DMZ
computer as x.x.x.94/30.  There is a DNS entry for the DMZ computer, and
if I allow ping, it seems to work, so why the blo*dy hell can't I see the
web server?

Any help will be greeted with absolute delight!

Pete
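
The address plan described in the message, laid out with Python's ipaddress module. This is an added example, not part of the original post. The first three octets are elided in the post, so the documentation prefix 203.0.113 stands in for x.x.x as a constructed value; the function and key names are illustrative.

```python
import ipaddress

# Constructed stand-in for the elided "x.x.x." octets (documentation range).
PREFIX = "203.0.113."

def plan(prefix=PREFIX):
    """Return the interfaces exactly as the post assigns them."""
    provider = ipaddress.ip_network(prefix + "88/29")    # block from the provider
    router = ipaddress.ip_interface(prefix + "89/29")    # DSL router
    fw_ext = ipaddress.ip_interface(prefix + "90/29")    # firewall, external NIC
    fw_dmz = ipaddress.ip_interface(prefix + "93/30")    # firewall, DMZ NIC
    web = ipaddress.ip_interface(prefix + "94/30")       # DMZ web server
    return provider, router, fw_ext, fw_dmz, web

def analyse(prefix=PREFIX):
    """Derive what each mask implies about who is on-link with whom."""
    provider, router, fw_ext, fw_dmz, web = plan(prefix)
    dmz_net = fw_dmz.network
    return {
        "dmz_network": str(dmz_net),
        "dmz_hosts": [str(h) for h in dmz_net.hosts()],
        # Firewall DMZ NIC and web server share one /30 segment.
        "same_dmz_segment": web.network == dmz_net,
        # The /30 is carved out of the provider's /29.
        "dmz_inside_provider_block": dmz_net.subnet_of(provider),
        # With a /29 mask the router treats the web server as directly
        # attached, not as a destination reached through the firewall.
        "router_sees_web_as_on_link": web.ip in router.network,
        # The firewall's external /29 and its DMZ /30 cover the same addresses.
        "fw_ext_overlaps_dmz": fw_ext.network.overlaps(dmz_net),
        # Both networks end on the same broadcast address.
        "shared_broadcast": dmz_net.broadcast_address == provider.broadcast_address,
    }

if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key:28} {value}")
```

The three overlap results come purely from the masks in the post: the external /29 still contains every address in the DMZ /30.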

