I wrote:

> It's not dangerous, but it is tricky to set up. I
> did something not too dissimilar a while ago -
> multi-zone firewall for a multi-tenant business
> centre. The biggest problem is that by default,
> desktop-server communications for some stuff
> doesn't use defined ports - IIRC the server picks
> a random port and tells the client what it is.
> There is a registry setting to disable this and
> make it use fixed ports - and then you can
> configure the firewall accordingly.

I should add that it's not a problem if you have a default policy to allow connections from local LAN to DMZ. In our case we had something akin to a DMZ but with a default policy of drop - all the switch management stuff etc. in there, so it was more like a management LAN.

--
Simon Hobson
