LinuxQuestions.org


bradyc 11-04-2003 01:32 PM

smoothwall dmz
 
I'm new to web and mail hosting, and now that I think I have my servers and network set up, I'm worried about a good firewall. I have ten machines on the network behind a NAT firewall and am very happy with that setup. The thing I'm most worried about is the servers; I would like them to have some kind of firewall as well... I have just downloaded Smoothwall Express 2.0 beta 7... and I have been playing with it for the past couple of days. Here is where my question comes in...

Right now my network looks like this


__________________________________
Internet
|
|
|---Linux 9 dns & smtp
|---Win server 2000 Http
|
|---Smoothwall
| |---Red--(63.X.X.X)
| |
| |---Orange--
| |
| |---Green -- 192.168.1.1
| | |
| | |--- Private network
__________________________________


Is this the best layout for my network, or should the servers be behind the Smoothwall orange somehow, and if so, how...

Thanks to all that have helped me this far; the people on this forum have been great...

rioguia 11-04-2003 03:53 PM

I'm no Linux guru, but I have used Smoothwall quite a bit. It's a good product. The setup is very simple and Smoothwall will take care of most of your problems. Any adjustments can be made through its GUI web interface (suggested below). You just have to know the address assigned by your ISP (assuming static), your 2 DNS servers, and assign two LAN address subnets (here 10.1.1.0 and 10.1.10.0).

The red interface is for your router's connection to the Internet and, sensibly enough, it has your routable IP address assigned by your ISP. All your outgoing and incoming traffic comes through here, e.g. routable 63.xx.xxx.xxx.

The green interface is for your trusted boxes acting as workstations or local intranet servers only. It will have its own IP address, e.g. 10.1.1.1. All the clients on the green interface will use 10.1.1.1 as their gateway, e.g. 10.1.1.2, 10.1.1.3, 10.1.1.4, etc.

The orange zone is for your boxes providing services to external users, for example 10.1.10.2, 10.1.10.3, 10.1.10.4, etc. If you want your green interface boxes to get services from your orange boxes, you will have to open pinholes as defined in the GUI interface. After the install, you will need to assess any port forwarding issues (e.g. forward port 80 to your web server, port 25 to your mail server, port 53 to any DNS server port, etc.). There are other issues to consider, e.g. you may have to modify your named.conf file on your DNS server to use port 53 by uncommenting the port 53 setting that is typically provided.
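
An added example, not part of the original post and not Smoothwall code: a small audit of a planned port-forward table against the green/orange addressing described above, flagging forwards that would land on the trusted LAN. The /24 masks, the tuple layout, the host-to-service assignments and the sample plan are assumptions constructed for illustration.

```python
import ipaddress

# Addressing plan from the post; the /24 masks are an assumption.
GREEN = ipaddress.ip_network("10.1.1.0/24")    # trusted workstations
ORANGE = ipaddress.ip_network("10.1.10.0/24")  # servers offering external services


def zone_of(addr):
    """Map an address string to 'green', 'orange', 'unknown' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip in GREEN:
        return "green"
    if ip in ORANGE:
        return "orange"
    return "unknown"


def audit_forwards(forwards):
    """Return (forward, problem) pairs for entries that break the DMZ layout.

    Each forward is (proto, external_port, target_ip, target_port).
    """
    problems = []
    seen = {}  # (proto, external_port) -> first target that claimed it
    for fwd in forwards:
        proto, ext_port, target, _target_port = fwd
        zone = zone_of(target)
        if zone == "green":
            problems.append((fwd, "target is on green: exposes the trusted LAN"))
        elif zone != "orange":
            problems.append((fwd, "target is not an orange address (" + zone + ")"))
        first = seen.setdefault((proto, ext_port), target)
        if first != target:
            problems.append((fwd, "external port already forwarded to " + first))
    return problems


# Constructed sample plan: which host runs which service is an assumption.
PLAN = [
    ("tcp", 80, "10.1.10.2", 80),    # web server on orange
    ("tcp", 25, "10.1.10.3", 25),    # mail server on orange
    ("udp", 53, "10.1.10.3", 53),    # DNS on orange
    ("tcp", 22, "10.1.1.5", 22),     # mistake: forwards into green
    ("tcp", 80, "10.1.10.4", 80),    # mistake: port 80 claimed twice
    ("tcp", 8080, "10.1.100.2", 80), # mistake: mistyped orange address
]

if __name__ == "__main__":
    for fwd, problem in audit_forwards(PLAN):
        print(fwd, "->", problem)
```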

bradyc 11-04-2003 04:00 PM

thanks
 
Thank you for your help. This is finally coming together in my head. Thanks...

