
DMZ question



I have a question about setting up a DMZ. My understanding is that on a
switch, layer 3 communication cannot happen without a router, so would it be
safe to have 3 separate networks (one for the internet, one for the DMZ and
one for the LAN) all connected to the same switch? My idea is that the
switch does not have the ability to connect the separate networks and all
routing happens at the firewall machines. Any thoughts or suggestions?




                                       ____________               ____________
   ____________      eth0/ppp0        |  FIREWALL  |  eth1       |            |
  (  INTERNET  ) <------------------> |    one     | <---------> |   switch   |
  (____________)                      |____________|             |____________|
                                                                     |      |
                                                    ____________     |      |
                                              eth0 |  FIREWALL  |----+      |
                                                   |    two     |           |
                                              eth1 |____________|     ______|______
                                                         |           |  Email Srvr |
                                                      ___|____       |_____________|
                                                     (  LAN   )
                                                     (________)


DMZ:
192.168.1.0/24 is the DMZ network

Firewall one:
eth0/ppp0 dynamic IP address
eth1 attached to 192.168.1.0/24

Firewall two:
eth0 attached to 192.168.1.0/24
eth1 attached to 192.168.2.0/24

Email server:
eth0 attached to 192.168.1.0/24

LAN:
192.168.2.0 is the local area network
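A small audit script, added here as an illustration and not part of the original post, that models the topology described above and reports where two trust zones share one broadcast domain. The link list is constructed from the post's description (the device names and the "one switch for everything" layout are assumptions); the second topology gives each zone its own segment for comparison.

```python
from collections import defaultdict

# Each link is (device, interface, zone, l2_segment). A segment is one
# broadcast domain: an unmanaged switch, a VLAN, or a point-to-point link.
# Constructed from the post: three networks, all plugged into one switch.
ONE_SWITCH = [
    ("firewall-one", "eth0/ppp0", "internet", "switch"),  # modem on the switch (assumed)
    ("firewall-one", "eth1", "dmz", "switch"),
    ("email-server", "eth0", "dmz", "switch"),
    ("firewall-two", "eth0", "dmz", "switch"),
    ("firewall-two", "eth1", "lan", "switch"),
    ("lan-host", "eth0", "lan", "switch"),  # hypothetical LAN client
]

# Same design, but each zone gets its own segment (separate switch or VLAN).
SEGMENTED = [(dev, iface, zone, zone + "-segment") for dev, iface, zone, _ in ONE_SWITCH]


def zones_per_segment(links):
    """Map each broadcast domain to the set of zones whose hosts sit on it."""
    seen = defaultdict(set)
    for _dev, _iface, zone, segment in links:
        seen[segment].add(zone)
    return dict(seen)


def isolation_findings(links):
    """One finding per segment that carries more than one zone.

    A switch forwards frames by MAC address and never looks at IP subnets,
    so two zones on one segment are separated only by each host's own IP
    configuration, not by the switch and not by the firewalls routing
    between them.
    """
    findings = []
    for segment, zones in sorted(zones_per_segment(links).items()):
        if len(zones) > 1:
            findings.append(f"{segment}: zones {sorted(zones)} share one broadcast "
                            "domain; subnet separation is not enforced")
    return findings


def bypassable_firewalls(links):
    """Firewalls whose interfaces in different zones land on the same segment."""
    per_device = defaultdict(lambda: defaultdict(set))
    for dev, _iface, zone, segment in links:
        per_device[dev][segment].add(zone)
    return sorted(dev for dev, segments in per_device.items()
                  if any(len(zones) > 1 for zones in segments.values()))
```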


