Hello everyone,

I want to setup a DMZ on my existing network but let me explain first my network structure.

I have 20 PCS and 3 servers. All the PCS & Servers are in the same network (all of them have ip range 192.168.1....)

IP of Router: 192.168.1.1
IP of Main Server: 192.168.1.2
IP of Secondary Server: 192.168.1.6

What i want to do now is:

I want to add 10 PCS into the DMZ network and i also want these 10 PCS to be able to communicate with the router and servers.

NOTE: I am willing to launch another server in order to serve the DMZ purposes, but i am not capable to edit the existing settings of the servers and the router!

Any suggestions?

If you want the added PCs to communicate with the others then why put them in a DMZ?

Thank you for your reply!

I want to add them on a DMZ, because they will need to have access on the Internet (so far they didn't have access on the internet).
So in case one of the PCs catch a virus, i don't want to infect the rest of the network.

My guess is that you must[?] to put the 10PCs on a *different subnet* like 192.168.2.*
(at least for simplicity/clarity; I don't know whether you could do some tricky [=nasty!] 'mapping' to do all this on the ONE existing [sub]net! That would put 'evil' pkts on that LAN!)

New server would have three[!?] NICs: one to ..1.* LAN, one to new ..2.* LAN of 10PCs,
and one with a *publically-routeable* (not 192.168.*/10.*) ISP-provided address.

I don't know firewall! I'm guessing you have CentOS7 with firewalld. Best wishes! Let us know

** I welcome other LQ'ers feedback/corrections! (I hope this will prod things along here )

UPDATE edit: looks like *I* need to web-research like: network dmz diagram

No need for 3 nics. You can add the DMZ subnet on your internal nic and use iptables to route the traffic that you want.