22nd August 2008
neurosis

Quote:
Originally Posted by ephemera
Yeah, setting "dmz" on your router is a bad idea.
On a secure/real dmz setup you would have a firewall protecting the internal LAN from the ftp/web servers (which are outside the firewall) in case they get compromised.
Anyway, since it looks like in your case there is just one computer behind an (adsl?) router, you can't do dmz, but you can configure your router to selectively forward the required ports for ftp/web services.

I understand what you're saying, and with my limited knowledge I'm trying to make myself understand this as best I can. I wondered about what you were saying when I started all of this, since I knew that I was using one computer (there are actually three computers on my LAN) to run FreeBSD with the two jails set up, one running httpd and one running ftpd. They are indeed part of my internal network. I have been port forwarding the necessary ports to the jails and pretty much have only one port forwarded to the FreeBSD host itself and "NO" ports forwarded to the rest of the network. One thing that the router does allow me to do is put the IP of the jail running the ftpd in the DMZ. This is where the confusion started for me and where I may be getting myself confused. Once I put that jail's IP in the DMZ on the router, I was able to port scan my external IP from my work computer and it showed that the ftpd port was open. I took that IP out of the DMZ immediately until I could get a better understanding of how all of this worked together.