Need an advise about isolating a host in the DMZ

To: debian-security@lists.debian.org
Subject: Need an advise about isolating a host in the DMZ
From: Haim Ashkenazi <haim@consonet.com>
Date: 18 Dec 2002 11:42:16 +0200
Message-id: <1040204536.12811.100.camel@parker>

Hi 

I have a host in my DMZ that has both anonymous ftp and pop3 ports open
(this can't be changed). since I really don't trust this setup, I was
thinking about ways to isolate this host so no one who break to this
computer, can access other computers on the DMZ (although other
computers should be able to access it). one obvious solution is to
create a second DMZ, but that would cost me the lost of three ip's, so
I'm trying to figure out ways to isolate him without putting it in
another subnet.

I thought about 2 solutions so far:
        1. putting iptables on all the other computers in the DMZ.
        2. connecting this host to another VLAN and set this
           configuration on the switch (I have to see if that's even
           possible).

Does anybody have another/better solution?

thanx 
-- 
Haim

Reply to:

Follow-Ups:
- Re: Need an advise about isolating a host in the DMZ
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Need an advise about isolating a host in the DMZ
  - From: Adrian Phillips <adrianp@powertech.no>
- Re: Need an advise about isolating a host in the DMZ
  - From: Blars Blarson <blarson@blars.org>
- Re: Need an advise about isolating a host in the DMZ
  - From: Haim Ashkenazi <haim@consonet.com>

Prev by Date: Re: Bad Signature (was: Re: SSH)
Next by Date: RE: Need an advise about isolating a host in the DMZ
Previous by thread: Re: proposed-updates-version of mysql [was: Re: [d-security] Multiple MySQL vulnerabilities]
Next by thread: Re: Need an advise about isolating a host in the DMZ
Index(es):
- Date
- Thread