Need advice about isolating a host in the DMZ


I have a host in my DMZ that has both anonymous FTP and POP3 ports open
(this can't be changed). Since I really don't trust this setup, I was
thinking about ways to isolate this host so that no one who breaks into
this computer can access other computers on the DMZ (although other
computers should be able to access it). One obvious solution is to
create a second DMZ, but that would cost me the loss of three IPs, so
I'm trying to figure out ways to isolate it without putting it in
another subnet.

I have thought of 2 solutions so far:
        1. Putting iptables on all the other computers in the DMZ.
        2. Connecting this host to another VLAN and setting this
           configuration on the switch (I have to see if that's even

Does anybody have another/better solution?


