Hi Jacob-
What you could also do is:
put the webserver outside the firewall.
Allow only HTTP and SSH services.
Connect for updates from your internal servers using
an rsync/ssh combination.
Put the firewall between the corporate LAN and the
webserver.
I am assuming here that the webserver does not have
your Company Internal Data.
If it does, then I would just build an extranet.
Put the webserver inside the firewall and have NAT as
Amit said. This can be implemented smoothly.
But, I guess since you want to allow public access,
the above route of putting your webserver outside
would be a better option.
-Sameer
--- Amit Kaushal <[EMAIL PROTECTED]> wrote:
>
> I would suggest using a separate & illegal IP address scheme for the
> DMZ; do not use the same IP addresses for the external interface and
> the DMZ addresses. Then use static NAT for two-way HTTP flow from the
> DMZ. This can be a bit tricky, but not real tough.
> Amit Kaushal
>
>
> ______________________________ Reply Separator
> _________________________________
> Subject: DMZ and IP
> Author: [EMAIL PROTECTED] at Internet-USA
> Date: 7/9/2000 6:17 PM
>
>
> Hi everybody
>
> I have a problem with a firewall that I have been trying to set up.
> The case is that I need to set up a firewall between the corporate LAN
> and the internet and allow public access to a web server. So I thought
> (after having read a lot of posts about DMZ) this is a classic DMZ
> scenario, but as I tried to implement it (using ipchains and RH6.1) I
> found that the routing is a bit of a problem. Here comes a scheme to
> make it clear how my setup is:
>
> The firewall has three NICs:
>
> Internal: eth0, 192.168.10.10/255.255.255.0
> DMZ: eth1, 172.24.42.200/255.255.0.0
> External: eth2, 172.24.42.100/255.255.0.0
>
> The WEB-server has ip 172.24.42.222/255.255.0.0
>
> The problem is that RH put up a route from 172.24.0.0 to eth1 AND eth2,
> which makes all the packets end up in the wrong places.
>
> This ends with two questions:
>
> How do I remove the route?
> Is this approach good / correct? How should a DMZ otherwise be set up?
>
> Thanks in advance
>
>
> Jacob Kjeldahl
> Spobjergvej 42,12
> 8220 Brabrand
> tlf. 894449176
> [EMAIL PROTECTED]
>
> -
> [To unsubscribe, send mail to
> [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
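Added example, not part of the thread: a Python check of the interface table from the original post, showing why eth1 and eth2 both receive a connected route for 172.24.0.0/16 and how a separate DMZ address scheme removes the ambiguity. The 10.1.1.0/24 DMZ range, the 10.1.1.222 web server address and the function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Interface table as written in the original post.
POSTED = {
    "eth0": "192.168.10.10/255.255.255.0",  # internal
    "eth1": "172.24.42.200/255.255.0.0",    # DMZ
    "eth2": "172.24.42.100/255.255.0.0",    # external
}
# Constructed alternative: DMZ moved to its own range (10.1.1.0/24 is an assumption).
REVISED = dict(POSTED, eth1="10.1.1.1/255.255.255.0")


def connected_routes(ifaces):
    """Network that gets an on-link route for each configured interface."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in ifaces.items()}


def overlapping(ifaces):
    """Pairs of interfaces whose connected networks overlap."""
    routes = connected_routes(ifaces)
    return [(a, b, routes[a], routes[b])
            for a, b in combinations(sorted(routes), 2)
            if routes[a].overlaps(routes[b])]


def egress_candidates(ifaces, host):
    """Interfaces holding the longest-prefix connected route for host.

    More than one name in the result means the destination is ambiguous.
    """
    ip = ipaddress.ip_address(host)
    routes = connected_routes(ifaces)
    best = max((n.prefixlen for n in routes.values() if ip in n), default=None)
    return sorted(i for i, n in routes.items()
                  if ip in n and n.prefixlen == best)


if __name__ == "__main__":
    for label, table, web in (("posted", POSTED, "172.24.42.222"),
                              ("revised", REVISED, "10.1.1.222")):
        print(label, "overlaps:", overlapping(table))
        print(label, "web server reachable via:", egress_candidates(table, web))
```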