
Re: Adding a 2nd NIC to create a DMZ



If you only have one NIC now you don't have a firewall. You have a router.
I guess your setup is like so:

 "firewall" - hub - LAN
               |
        Internet via DSL

With this setup you won't have any firewall functionality at all since
your LAN and the Internet are on the same physical network.

What you might want is this:

       Internet via DSL - firewall - hub  - LAN

To get this you'll have to have two NICs in the firewall.
Then you're in a position where you can actually block packets from entering 
your network.

If you, on top of all these wonders, want a DMZ, you'll need three NICs.

       Internet via DSL - firewall - hub  - LAN
                             |
                            DMZ

The DMZ is just another subnet, with a different set of rules, usually less 
strict than those for the LAN.

Check out these links.

http://www.grennan.com/Firewall-HOWTO.html
http://netfilter.filewatcher.org/ipchains

On Thursday 14 June 2001 15:27, Michael Boyd wrote:
> My firewall machine currently has just one NIC with the driver installed
> when I originally installed Debian using dbootstrap.  I don't understand

-- 
oivvio polite

cell +46 (0)709 30 40 30 / phone +46 (0)8 669 64 18 / fax +46 (0)8 84 00 18
varvsgatan 10A / s-117 29 stockholm / sweden
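
The three-NIC layout described in the message above, written out as a default-deny ruleset. This is an added example, not part of the original post; it uses iptables-restore syntax rather than the ipchains tool linked in the message. The interface names, the DMZ host address 192.0.2.10 and the published port are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for Internet / LAN / DMZ.
# Interface names, DMZ host address and port are assumptions (constructed).

dmz_ruleset() {
    wan=$1 lan=$2 dmz=$3
    web=${4:-192.0.2.10}   # constructed DMZ web server address (TEST-NET-1)

    # The zones only exist if each one sits behind its own interface.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ -z "$dmz" ] ||
       [ "$wan" = "$lan" ] || [ "$wan" = "$dmz" ] || [ "$lan" = "$dmz" ]; then
        echo "need three distinct interfaces: WAN LAN DMZ" >&2
        return 1
    fi

    cat <<EOF
*filter
# Default deny: anything not matched below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN may open connections to the Internet and to the DMZ.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $lan -o $dmz -j ACCEPT
# Internet may reach only the published service in the DMZ.
-A FORWARD -i $wan -o $dmz -d $web -p tcp --dport 80 -j ACCEPT
# DMZ hosts may reach the Internet for DNS, but never the LAN.
-A FORWARD -i $dmz -o $wan -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for a constructed interface assignment.
dmz_ruleset eth0 eth1 eth2
```

No rule accepts new connections towards the LAN interface, so a compromised DMZ host cannot open connections into the LAN. On the firewall host the output can be checked with `iptables-restore --test` before loading it.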


