Shopro l33t
Joined: 12 May 2004 Posts: 678 Location: Dayton, OH, USA
Posted: Wed Oct 13, 2004 4:43 am Post subject: Configurating DMZ
Yesterday I bought a DFL-200 firewall for my company. But unfortunately I cannot get it configured the right way to be able to use it in our company's network.
This is the way that our company's network is currently set up, and after that I'll try to explain how we would want it to be when using the DFL-200 firewall.
Currently we have 5 static IP addresses which we can use. One IP is taken by our DSL box; its IP is 62.183.242.89. We currently have only one server which handles all our services at the moment. It has been given the IP address 62.183.242.90; that IP also has a DNS redirect to the address wn-net.com.
The subnet mask that these IPs use is set from the ISP's side. It is 255.255.255.248. Our server uses the DSL box's IP address for gateway access.
Now we would like to put our 62.183.242.90 server in the DFL-200's DMZ area, so that users can just type wn-net.com in their web browsers and access our pages as usual. We currently have no local area network behind this firewall box so we do not need to configure it now, maybe in the near future. But I would really be thankful for information on how to set up this kind of system with our new firewall box. And what IPs and subnet masks plus gateway addresses should we assign to our server, and what IPs to the firewall box?
_________________
Just because I have nothing to say is no reason why you shouldn't listen.
fennec l33t
Joined: 30 Aug 2003 Posts: 613 Location: Montreal
Posted: Wed Oct 13, 2004 3:06 pm Post subject:
This box is a NAT firewall, therefore I don't think it would route to a public IP behind it... You should give a call to D-Link and ask them or read the manual...
pjp Administrator
Joined: 16 Apr 2002 Posts: 20588
Posted: Wed Oct 13, 2004 5:29 pm Post subject:
Moved from Other Things Gentoo.
_________________
Quis separabit? Quo animo?
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
Posted: Wed Oct 13, 2004 9:37 pm Post subject:
One thing for you to consider (nothing to do with the firewall) is that you have a block of 8 IP addresses, 62.183.242.89/29. The first and last addresses are taken up by broadcast and the subnet, and 1 IP is used by your ADSL router/modem, which leaves you with 5 usable addresses.
The first thing you will need to do is give your D-Link some IP addresses. The box must have an address on the 62.183.242.89/29 subnet. Since you are already using 90 I would use 91. This is the WAN IP. There are usually two ways to configure a DMZ, with or without NAT. With NAT you give the DMZ port an IP address (say 192.168.0.1), then you give all the servers connected to your DMZ an IP in that range, then you set the firewall to translate between the public addresses and the private addresses (usually called one-one NAT). The default gateway for each of the servers is the IP address of the DMZ port. Then you simply set rules to open whichever ports you need.
With non-NAT you give each server its real public IP address. I prefer the NAT method for most situations.
When you come to set up your LAN you must also give the firewall an IP in a different range for its LAN port.
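The addressing layout described in the post above, worked through as an added example that is not part of the original thread: it derives the subnet and broadcast addresses of the /29, checks that the router and firewall WAN addresses are valid hosts, and builds the one-to-one NAT table. The addresses are the ones given in the thread; the /24 mask on the DMZ port and the function name `plan_dmz` are assumptions.

```python
import ipaddress

def plan_dmz(isp_cidr, router, firewall_wan, dmz_port_cidr, servers):
    """Plan one-to-one NAT for public servers moved behind a DMZ port."""
    wan_net = ipaddress.ip_interface(isp_cidr).network  # host bits are masked off
    dmz_if = ipaddress.ip_interface(dmz_port_cidr)      # /24 mask is an assumption
    router = ipaddress.ip_address(router)
    firewall_wan = ipaddress.ip_address(firewall_wan)

    hosts = list(wan_net.hosts())  # excludes the subnet and broadcast addresses
    for name, ip in (("router", router), ("firewall WAN", firewall_wan)):
        if ip not in hosts:
            raise ValueError(f"{name} address {ip} is not a host address in {wan_net}")
    if router == firewall_wan:
        raise ValueError("firewall WAN address collides with the router")

    after_router = [h for h in hosts if h != router]
    free = [h for h in after_router if h != firewall_wan]

    # Private addresses are handed out in order, skipping the DMZ port itself.
    pool = (h for h in dmz_if.network.hosts() if h != dmz_if.ip)
    nat = {}
    for pub in map(ipaddress.ip_address, servers):
        if pub not in free or pub in nat:
            raise ValueError(f"{pub} is not a free public address in {wan_net}")
        nat[pub] = next(pool)

    return {
        "subnet": wan_net.network_address,
        "broadcast": wan_net.broadcast_address,
        "after_router": after_router,
        "firewall_wan": firewall_wan,
        "server_gateway": dmz_if.ip,  # default gateway for every DMZ server
        "nat": nat,
    }

if __name__ == "__main__":
    plan = plan_dmz("62.183.242.89/29", "62.183.242.89", "62.183.242.91",
                    "192.168.0.1/24", ["62.183.242.90"])
    print("subnet", plan["subnet"], "broadcast", plan["broadcast"])
    print("addresses left after the router:", len(plan["after_router"]))
    for pub, priv in plan["nat"].items():
        print(f"{pub} <-> {priv}, default gateway {plan['server_gateway']}")
```

Any public address that is not in the NAT table has no translation, so only the servers listed are reachable from outside, and then only on the ports the firewall rules open.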