On Tue, 25 May 2004 21:52, Richard Rowe wrote:
> When setting up a firewall with a DMZ zone what IP address should be
> nominated for the DMZ interface?

Something completely different from your main LAN.

> Should it be a number from your LAN address range (my suspicion is not)
> or should it be an address from a fresh subnet.

The latter.

> eg if my LAN is 192.168.1.0/24 would you make the DMZ NIC 192.168.2.xyz ?

Correct. Indeed, I once set up a LAN with 192.168.xxx.yyy C class net numbers and put a Mailserver in a DMZ in the 10.xxx.yyy.zzz A class network.

> My understanding of the DMZ interface is outside world can access it,
> inside world can access it but never the two shall meet.

Exactly. The important part to remember is that if the DMZ machine is compromised it should still be as difficult as possible to get into the LAN.

> So if my above example is correct using different subnet ranges then is
> the routing set up automatically - if say you were to use IPCOP or
> Smoothwall or Mandrake SNF.

Yes. IPCop and Smoothwall use the concept of colour coding the nets:
RED = Internet
ORANGE = DMZ
GREEN = Internal LAN.
I have never used Mandrake SNF.

> I have never seen the answer to this in any of their online manuals.

--
Sincerely etc.
Christopher Sawtell

NB. This PC runs Linux. If you find a virus apparently from me, it has forged the e-mail headers on someone else's machine. Please do not notify me when this occurs. Thanks.
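The separation described in this thread, as an added example that is not part of the original message: a Python check that the DMZ (ORANGE) and LAN (GREEN) subnets do not overlap and that no forwarding rule lets RED or ORANGE open connections into GREEN. The rule tuple format, host addresses and ports are constructed for illustration and are not IPCop or Smoothwall configuration.

```python
import ipaddress

# Constructed layout using the thread's example ranges; RED is everything else.
ZONES = {
    "GREEN": ipaddress.ip_network("192.168.1.0/24"),   # internal LAN
    "ORANGE": ipaddress.ip_network("192.168.2.0/24"),  # DMZ
}

# Constructed forwarding rules: (source CIDR, destination CIDR, TCP port).
RULES = [
    ("0.0.0.0/0", "192.168.2.10/32", 25),        # Internet -> DMZ mail server
    ("192.168.1.0/24", "192.168.2.10/32", 25),   # LAN -> DMZ mail server
    ("192.168.2.10/32", "192.168.1.5/32", 445),  # DMZ host -> LAN host
    ("0.0.0.0/0", "192.168.1.5/32", 3389),       # anywhere -> LAN host
]

def overlapping_zones(zones):
    """Return pairs of zone names whose subnets share addresses."""
    names = sorted(zones)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if zones[a].overlaps(zones[b])]

def zones_touched(cidr, zones):
    """Return every zone colour that contains at least one address of cidr."""
    net = ipaddress.ip_network(cidr)
    touched = {colour for colour, z in zones.items() if net.overlaps(z)}
    # Addresses not fully inside one local zone reach outside it: count as RED.
    if not any(net.subnet_of(z) for z in zones.values()):
        touched.add("RED")
    return touched

def audit(rules, zones):
    """Return (rule index, offending source zones) for rules opening GREEN."""
    findings = []
    for idx, (src, dst, _port) in enumerate(rules):
        offenders = zones_touched(src, zones) - {"GREEN"}
        if "GREEN" in zones_touched(dst, zones) and offenders:
            findings.append((idx, sorted(offenders)))
    return findings

if __name__ == "__main__":
    print("overlapping zones:", overlapping_zones(ZONES))
    for idx, offenders in audit(RULES, ZONES):
        print("rule", idx, RULES[idx], "opens GREEN to", offenders)
```
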
