dmz and firewall questions
Hi there
I'm totally new to OpenBSD. I do have 2 years UNIX experience via Linux. I'm currently wanting to set up a network with 2 servers in a DMZ in order to separate them from an internal network. I want to use an OpenBSD dedicated firewall. This firewall will have 3 network interfaces on it. One network interface will connect to the external router/modem (router and modem in one box), one interface will connect to the DMZ and the other interface will connect to the internal network.

The router/modem lets you put, I think it's 1 or 2, interfaces in a DMZ. But, when I think of any of the dedicated firewall's or servers' interfaces, it doesn't make sense to me to put any of them in the router/modem's DMZ (I'm thinking it would be better for the dedicated firewall's and the servers' interfaces to have static private IPs, i.e. 192.168.2.4 etc., right?). What I mean is that even if, as far as the router/modem is concerned, none of the interfaces were in a DMZ, the area where the servers are would still effectively be a perimeter network and with such a setup would still be, effectively, a DMZ, right? If I should put any of these interfaces in this DMZ please let me know which one.

Thank you for your time. This is really not a joke; I am in fact still a UNIX n00b.

regards
Unixjingleman
Quote:
Otherwise, you are correct. A firewall must be configured with different subnets on the different interfaces. The interface used for your private network can use private addresses. You have the choice of either setting up each internal host with static IP addresses on their interfaces, or you can configure a DHCP server within your internal network to assign dynamic addresses.

As a newcomer to OpenBSD & pf(4), you will save yourself significant time & aggravation by studying the official FAQ including the PF User's Guide along with the pf(4) manpage. The only third-party introduction to pf(4) worth the time to study is Hansteen's manuscript: http://home.nuug.no/~peter/pf/
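Added example, not part of the thread: a pf.conf sketch of the three-interface layout discussed above, with a separate subnet on each interface and the DMZ kept away from the internal network. The interface names (em0, em1, em2), the DMZ server address and the published ports are assumptions chosen for illustration.

```conf
# /etc/pf.conf -- constructed example; names, addresses and ports are assumptions
ext_if = "em0"                 # to the router/modem
dmz_if = "em1"                 # to the DMZ servers   (its own subnet)
int_if = "em2"                 # to the internal LAN  (its own subnet)

dmz_srv = "192.168.10.10"      # hypothetical DMZ server, static address
dmz_tcp = "{ 80 443 }"         # hypothetical services published from the DMZ

set block-policy drop
set skip on lo

# NAT both inside subnets to whatever address the external interface holds
match out on $ext_if inet from { $dmz_if:network $int_if:network } nat-to ($ext_if)

# Default deny, logged so dropped traffic shows up on pflog0
block log all

# Outside -> DMZ server only, and only on the published ports
pass in  on $ext_if inet proto tcp to ($ext_if) port $dmz_tcp rdr-to $dmz_srv
pass out on $dmz_if inet proto tcp to $dmz_srv port $dmz_tcp

# Internal hosts may open connections to the DMZ and to the outside
pass in  on $int_if inet from $int_if:network
pass out on $dmz_if inet from $int_if:network

# DMZ hosts may reach the outside but never the internal subnet
pass in  on $dmz_if inet from $dmz_if:network to ! $int_if:network

# Anything that was allowed in may leave through the external interface
pass out on $ext_if inet
```

There is no `pass out on $int_if` rule, so nothing can open a new connection toward the internal network; only replies to connections the internal hosts started get through. `pfctl -nf /etc/pf.conf` parses the file without loading it.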
Thank you very much for your reply. So the dedicated firewall (OpenBSD box) can do NAT and DHCP for the servers (in the DMZ) and the hosts on the internal network? So should I put the interface that connects the OpenBSD dedicated firewall to the external router/modem (router and modem in one) in the DMZ of the external router/modem? Then the servers in the DMZ of the dedicated firewall (OpenBSD box)?