LinuxQuestions.org


Razr 01-01-2006 03:00 PM

DMZ and designed network segment
 
Hello, Happy New 2006 Year!

First, what exactly does DMZ mean? I already know it's a demilitarized zone, but can anyone tell me when we use that? What exactly is its task? What does it do?

What should I understand under "designed network segment"? I have done some Google searches, but haven't found anything concrete.

Thanks in advance.

Mara 01-01-2006 03:57 PM

http://en.wikipedia.org/wiki/Demilit...28computing%29
http://wiki.linuxquestions.org/wiki/DMZ

Together they should give the picture. In short, you use a DMZ if you want to separate your servers from your internal network.

'Designed network segment'... What's the context? Without it, I'd think it's just about a network segment that had a project of some kind.

Brian1 01-01-2006 04:10 PM

Here is a very broad explanation. The normal setup is to have a router with 3 NICs in it. The first NIC connects to the internet, the second can connect to internal LAN machines, and the third will be for machines on the DMZ circuit. Normally these are server machines that will be seen from the outside internet as machines on the first NIC. The DMZ is less secure because you allow open ports from the internet to it. On the LAN side you very seldom have any open ports (normally never open any ports) to make information as secure as possible on this side.

Designed network segments, if I understand, are usually used in large businesses. They create subnets of class A, B, or C addresses and divide them into smaller subnets. Look up subnetting for more info. So in a class C address of 192.168.1.0, using the subnet 255.255.255.0 to define it as a class C, you have use of 255 IPs from 192.168.1.1 to 192.168.1.255.

Now if we divide a class C into smaller segments, we use 192.168.1.0 with a subnet 255.255.255.224, the same as 192.168.1.0/27. You will have a total of 30 IPs to work with, from 192.168.1.1 to 192.168.1.30, and use of 192.168.1.31 as broadcast. For the next segment you would use 192.168.1.32/27, which gets you 192.168.1.33 to 192.168.1.63 with 192.168.1.64 as broadcast. Even though both may be on the same network, it requires a routing table to allow packets to and from each segment. One seldom divides a class C unless segmenting users from seeing each other.

Items to help in search: iptables, subnetting, firewall, routing, gateway.

Code:

    wan
  router
lan    dmz


Hope this helps out.
Brian
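
Added example, not part of the thread or any poster's code: a Python sketch that splits 192.168.1.0/24 into /27 segments with the standard `ipaddress` module and models the verdict a three-interface router would give for traffic between WAN, LAN and DMZ. The zone assignment, the open-port set and the rule that the DMZ may not open connections into the LAN are assumptions made for illustration.

```python
import ipaddress

# Assumed layout (not from the thread): the first /27 of 192.168.1.0/24 is
# the LAN, the second is the DMZ, and every other address counts as WAN.
SEGMENTS = list(ipaddress.ip_network("192.168.1.0/24").subnets(new_prefix=27))
ZONES = {"lan": SEGMENTS[0], "dmz": SEGMENTS[1]}
DMZ_OPEN_PORTS = {25, 80, 443}  # constructed sample of published services

def describe(net):
    """Return (network, first host, last host, broadcast) of one segment."""
    hosts = list(net.hosts())
    return (str(net.network_address), str(hosts[0]),
            str(hosts[-1]), str(net.broadcast_address))

def zone_of(ip):
    """Map an address to 'lan', 'dmz' or 'wan'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan"

def decide(src, dst, port):
    """Model the router's verdict for a new connection from src to dst:port."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        # Same segment: hosts talk directly, the router never sees it.
        return "direct" if s != "wan" else "deny"
    if d == "wan":
        return "allow"  # outbound traffic from LAN or DMZ
    if d == "dmz" and (s == "lan" or port in DMZ_OPEN_PORTS):
        return "allow"  # LAN reaching its servers, or a published port
    return "deny"  # no new connections into the LAN; other DMZ ports closed

if __name__ == "__main__":
    for net in SEGMENTS[:2]:
        print(net, describe(net))
    flows = [("203.0.113.7", "192.168.1.40", 80),    # WAN -> DMZ web
             ("203.0.113.7", "192.168.1.10", 80),    # WAN -> LAN
             ("192.168.1.40", "192.168.1.10", 445),  # DMZ -> LAN
             ("192.168.1.10", "192.168.1.20", 445)]  # LAN -> LAN
    for src, dst, port in flows:
        print(f"{src} -> {dst}:{port}: {decide(src, dst, port)}")
```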

