RE: [suse-security] Web server behind firewall
A DMZ is a demilitarized zone, a zone containing no critical information,
where less security measures are necessary.
To create such a DMZ and keep it easily managed and totally seperated from
your internal network a 3rd ethernet card is a good plan!
Succes
Harro
-----Original Message-----
From: Scheme Loh [mailto:schemebot@yahoo.com]
Sent: Sunday, November 11, 2001 11:07 PM
To: suse-security@suse.com
Subject: [suse-security] Web server behind firewall
--- James Bliss
Look at Scenarios 5 and 6 in the EXAMPLES file (in a normal install this is /usr/share/doc/packages/SuSEfirewall2).
Good luck, you should be able to do this fairly easily.
Jim
My idea is to add a third ethernet card (eth2) and have it on another network 10.0.0.x. Then change FW_FORWARD_MASQ to go to 10.0.0.x and leave my 192.168.1.x network the way it is now. In a nutshell, what is a DMZ? Thanks everyone! ===== Daniel Woodard __________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
You might want to use 3 NICs in 1 gateway (firewall) or use a bastion/choke firewall concept like I do to implement a DMZ in common sense. Illustation: http://ncc.madnet.ch/NetOverview.htm Regards Rolf P.S.: Great list with great people, keep up this spirit! Harro Vos wrote:
A DMZ is a demilitarized zone, a zone containing no critical information, where less security measures are necessary. To create such a DMZ and keep it easily managed and totally seperated from your internal network a 3rd ethernet card is a good plan!
Succes
Harro
-----Original Message----- From: Scheme Loh [mailto:schemebot@yahoo.com] Sent: Sunday, November 11, 2001 11:07 PM To: suse-security@suse.com Subject: [suse-security] Web server behind firewall
--- James Bliss
wrote: Look at Scenarios 5 and 6 in the EXAMPLES file (in a normal install this is /usr/share/doc/packages/SuSEfirewall2).
Good luck, you should be able to do this fairly easily.
Jim
My idea is to add a third ethernet card (eth2) and have it on another network 10.0.0.x. Then change FW_FORWARD_MASQ to go to 10.0.0.x and leave my 192.168.1.x network the way it is now.
In a nutshell, what is a DMZ?
Thanks everyone!
===== Daniel Woodard
__________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com
participants (2)
-
Harro Vos
-
Rolf Klemenz