In general you should never have a Windows machine in a DMZ. That's the biggest problem with this setup.

On Sep 4, 2009, at 11:31, Simon Hobson <[email protected]> wrote:

> I wrote:
>
>> It's not dangerous, but it is tricky to set up. I
>> did something not too dissimilar a while ago -
>> multi-zone firewall for a multi-tenant business
>> centre. The biggest problem is that by default,
>> desktop-server communications for some stuff
>> doesn't use defined ports - IIRC the server picks
>> a random port and tells the client what it is.
>> There is a registry setting to disable this and
>> make it use fixed ports - and then you can
>> configure the firewall accordingly.
>
> I should add that it's not a problem if you have a default policy to
> allow connections from local LAN to DMZ. In our case we had something
> akin to a DMZ but with a default policy of drop - all the switch
> management stuff etc. in there so it was more like a management LAN.
> --
> Simon Hobson

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
