LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-23-2013, 11:22 AM   #1
mbvpixies78
Member
 
Registered: Nov 2007
Location: Vietnam
Distribution: CentOS
Posts: 181
Blog Entries: 3

Rep: Reputation: 16
Setting up DMZ to Protect Linux Server from Windows, Windows From Itself


I have a Linksys router, replacing stock firmware with OpenWRT and am attempting to set up a DMZ for a Linux web server following the method and steps outlined in the OpenWRT wiki

When I made the changes, I lost my internet connection to server and Windows box. I wasn't even able to ssh into router to undo changes via either. I was only able to ssh through wireless connection via my laptop-- that was a little scary for a minute as it looked like the router had been bricked.


There are two steps that are unclear to me and I could please use help understanding what I'm not getting right.


(1) Changes made to /etc/config/network


Code:
/etc/config/network

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'ifname' 'eth0'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'netmask' '255.255.255.0'
        option 'ipaddr' '10.42.43.1'
        option 'gateway' '10.42.43.254'

config 'interface' 'wan'
        option 'ifname' 'eth1'
        option 'proto' 'dhcp'
        
config 'switch'                         
        option 'name' 'eth0'            
        option 'reset' '1'              
        option 'enable_vlan' '1'        
                                        
config 'switch_vlan'                    
        # 0 - 3 are ethernet ports 4 - 1 respectively
        # 4 is WAN port                              
        # 5 is internal connection (not used)        
        # old configuration:                         
        option 'device' 'eth0'                       
        option 'vlan' '1'                            
        option 'ports' '1 2 3 4 5'                   
        # new configuration (did not work):          
        # option 'vlan0' '1 2 3 5*' # The default LAN, but port 0 has been removed
        # option 'vlan1' '4 5' # The default WAN                                  
        # option 'vlan' '2' '0 5' # The DMZ
        
# config 'interface' dmz                                                          
#       option 'ifname' eth0.2 # This corresponds to "vlan2" above                
        # Thre rest is the same as for a typical LAN interface:                   
#       option 'proto' static                                                     
#       option 'ipaddr' 192.168.0.1 # This is a separate network                  
#       option 'netmask' 255.255.255.0
(2) Setting up the firewall

I don't understand the last two lines to be entered for the firewall changes, as shown below. I use DDNS as I can't afford a static IP for my web server. How do I modify those last two lines to accommodate my circumstances?
Code:
# Make 192.168.2.2:80 publicly accessible
config 'redirect'
       option '_name' 'http'
       option 'src' 'wan'
       option 'proto' 'tcp'
       option 'src_dport' '80'
       option 'dest_ip' '192.168.2.2'

# Allow the DMZ to access 192.168.1.4:5432 (%%FIXME:%% UNTESTED)
config 'rule'
       option 'src' 'dmz'
       option 'proto' 'tcpudp'
       option 'dest_ip' '192.168.1.4'
       option 'dest_port' '5432'
       option 'target' 'ACCEPT'
Please let me know if you need more info. and thanks in advance for any assistance.
 
Old 11-26-2013, 03:54 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,893

Rep: Reputation: 163Reputation: 163
You can configure a DHCP server on DMZ zone and your Web server get IP on the DHCP server.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting up PXE Server for Linux, Unix and Windows linuxunix Linux - Newbie 4 01-10-2012 01:28 AM
Build DMZ server for windows sharing printer using iptables andipurwito Linux - Networking 1 07-26-2007 05:28 PM
Setting up a linux server to authenticate windows users alan.me Linux - Networking 3 01-17-2007 07:05 PM
Setting up an energy efficient server -- Windows better than Linux? eppur_si_muove Linux - Networking 19 02-12-2006 11:31 PM
Setting up linux networking on windows server david.cormie Linux - Networking 8 07-22-2004 09:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration