I have been googling, and reading about using a DMZ. But I have yet to find information adequate to allow me to simulate use of a DMZ using virtual machines. I find it easy to make virtual machines, and have no space for extra hardware.

What I want to do is set up a couple of virtual machines, one representing a web server hosting code that represents the business logic layer and UI of a web application, and since it is data driven, the other hosts the database server. I then want to set up a small VM representing the inner firewall, separating the DMZ from the BL and DB server. Then there would be another web server set up in the DMZ, and another small VM to serve as the outer firewall (providing a boundary between the rest of the machines on my LAN and the DMZ).

The sources of information I have found so far appear to have presented the concepts well, but they provide little practical information on how to actually make a DMZ. There are several things that are not clear to me.

1) I assume that the two small VMs that serve as my inner and outer firewalls would also act as a kind of bridge, providing routing between my LAN (192.168.2.*) and a subnet (such as 192.168.1.*) that represents either my DMZ or the virtual LAN behind the inner firewall; but how is that configured? What tool would I use for that?

2) Does the web server in the DMZ just get configured as some kind of proxy (meaning I only need to configure forwarding in the apache conf files), or do I need to put CGI code on it to validate request data and then forward the request on to the BL server?

3) How do I make ssh work with the DMZ so that I can actually log into the BL and DB servers, for the purpose of administering them? As an aside, how would I ensure that ssh uses only TLS 1.2 or later?

This is for my own experimentation, eventually to support my own coding, for the very near term.
But, when I deploy to a real host, I suppose I'd have to consult with the hosting provider to configure the provider's firewall(s) to support a DMZ; but doing this with virtual machines here I would expect to help me understand whatever issues are involved in properly using a DMZ to secure a website.

I would appreciate any links to resources that show how to do all this, or at least a 'to do list' and a list of tools that could be used to complete each task that must be done.

Thanks

Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.