Re: DMZ

To: Kirk Schroeder <kirkschr@pacbell.net>, debian-firewall@lists.debian.org
Subject: Re: DMZ
From: Ray Olszewski <ray@comarre.com>
Date: Sat, 12 May 2001 06:22:25 -0700
Message-id: <2.2.32.20010512132225.00cea5ac@[192.168.1.23]>

Yes, you can do this with Debian. You can probably even do it with Coyote,
though I haven't used it myself so cannot be sure of that; but it is a
standard configuration for real LRP systems (Coyote forked from LRP so long
ago that it really is quite separate by now). If you check any of the main
LRP sites -- leaf.sourceforge.net, www.linuxrouter.com, and lrp.c0wz.com are
the important starting points -- you'll find instructions and
semi-customized floppy images pretty readily.

You do need 3 NICs to do this safely, BTW; Cory's reply omitted the one that
the DSL router connects to (at least here in PacBell territory). Sometimes
people fake DMZs with IP aliasing on the internal NIC, but doing it this way
defeats the security purpose of having a DMZ.

Your biggest problem will be not NAT -- that's handled very conventionally
by ipmasqadm -- but the fact that you have a dynamic IP address (I assume
you mean PPPoE assigned, the current system common for cheap PacBell
service). You'll need to use a service that provides dynamic DNS to resolve
it. There used to be several sites that offered this for free, at least for
DHCP-assigned dynamic addresses, but I don't know if that's gone the way of
many another erstwhile freebie (does anyone else know?).

At 10:16 PM 5/10/01 -0700, Kirk Schroeder wrote:
>
>Hello Debian People:
>I was wondering if I can do this with Debian. I have a small LAN at home
>that consist of several computers hooked up to the Inet with DSL. I am
>currently using coyote linux LRP as my NAT/firewall. I want to run a web
>server and I don't feel like letting port 80 into my private LAN, maby I
>am paranoid :) My firewall computer is an 486/133MHZ with 32 megs of ram
>it has 2 pci NICS in it. Can I add a third NIC and set this up as a DMZ
>to my web server? Also I need to use NAT as I only have one dynamic IP
>address. I would like to know how to do this or point me in the right
>direction to find info.

--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        
----------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: DMZ
  - From: Cory Petkovsek <coryp@petersen-arne.com>

Prev by Date: Re: DMZ
Next by Date: Re: DMZ
Previous by thread: Re: DMZ
Next by thread: Re: DMZ
Index(es):
- Date
- Thread