William Trenker
2003-May-02 10:53 UTC
[Shorewall-users] Help understanding the DMZ concept
From the FAQ, item #2:

"For the cost of another NIC and a cross-over cable, you can put your server in a DMZ such that it is isolated from your local systems - assuming that the Server can be located near the Firewall, of course :-)"

I notice a number of references in the docs to a 'dmz'. I thought this was a reference to a separate computer, but the above quote from the FAQ leaves me wondering. Now this will probably sound hilarious, but does the above quotation from the FAQ infer that the dmz is created by looping back from one NIC to another NIC on the same computer?

Thanks,
Bill

--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
On Fri, 02 May 2003 10:57:48 -0000 William Trenker <wdtrenker@yahoo.ca> wrote:

> From the FAQ, item #2:
>
> "For the cost of another NIC and a cross-over cable, you can put your
> server in a DMZ such that it is isolated from your local systems -
> assuming that the Server can be located near the Firewall, of course
> :-)"
>
> I notice a number of references in the docs to a 'dmz'. I thought this
> was a reference to a separate computer, but the above quote from the FAQ
> leaves me wondering. Now this will probably sound hilarious, but does
> the above quotation from the FAQ infer that the dmz is created by
> looping back from one NIC to another NIC on the same computer?

You had it right, the dmz is where you store your untrusted systems. Usually they are systems with servers that have access from the Internet, so you isolate them from your LAN so if they get hacked, they are not in your local LAN.

---
Homer Parker                    /"\  ASCII Ribbon Campaign
                                \ /  No HTML/RTF in email
http://www.homershut.net         x   No Word docs in email
telnet://bbs.homershut.net      / \  Respect for open standards

"Bill Gates reports on security progress made and the challenges ahead."
-- Microsoft's Homepage, on the day an SQL Server bug crippled large sections of the Internet.
On Fri, 02 May 2003 10:57:48 -0000, William Trenker <wdtrenker@yahoo.ca> wrote:

> From the FAQ, item #2:
>
> "For the cost of another NIC and a cross-over cable, you can put your
> server in a DMZ such that it is isolated from your local systems -
> assuming that the Server can be located near the Firewall, of course :-)"
>
> I notice a number of references in the docs to a 'dmz'. I thought this
> was a reference to a separate computer, but the above quote from the FAQ
> leaves me wondering. Now this will probably sound hilarious, but does
> the above quotation from the FAQ infer that the dmz is created by looping
> back from one NIC to another NIC on the same computer?

The above quote from the FAQ is talking about the security implications of locating a server in your local network. For the cost of another NIC in the firewall and a cross-over cable, you can move that server to a LAN segment that it shares only with the firewall.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
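
The layout described in the replies above, sketched as a Shorewall configuration. This is an added illustration, not part of the thread or of the Shorewall documentation. The interface names (eth0, eth1, eth2), the server address 10.10.11.2 and the chosen ports are assumptions, and the file syntax is that of current Shorewall releases rather than the 2003 version under discussion.

```conf
# Added example. Assumed wiring: eth0 = Internet, eth1 = local LAN,
# eth2 = the extra NIC, cabled directly (cross-over) to the server.

# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4

# /etc/shorewall/interfaces
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs,routefilter
loc     eth1        tcpflags,nosmurfs
dmz     eth2        tcpflags,nosmurfs

# /etc/shorewall/policy
# The server shares a segment only with the firewall, so every packet
# between it and the LAN is subject to these policies.
#SOURCE DEST    POLICY  LOGLEVEL
loc     net     ACCEPT
dmz     loc     REJECT  info    # a compromised server cannot open connections into the LAN
net     all     DROP    info
all     all     REJECT  info    # must be last; also covers dmz->net, dmz->fw and loc->dmz

# /etc/shorewall/rules
?SECTION NEW
#ACTION SOURCE  DEST            PROTO   DPORT
# Publish the web server (assumed address) to the Internet.
DNAT    net     dmz:10.10.11.2  tcp     80
# Let local users reach the same service, and administer the server over SSH.
ACCEPT  loc     dmz:10.10.11.2  tcp     80
ACCEPT  loc     dmz:10.10.11.2  tcp     22
```

Outbound masquerading for the loc and dmz networks is left out. `shorewall check` validates a configuration like this before it is started.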