setting up a DMZ

18 years 3 months ago #14849 by deepineyez
setting up a DMZ was created by deepineyez
Hi,

Can someone help me set up a DMZ? I need to create a DMZ to place an FTP server in it, which will be communicating with another FTP server connected over an ISDN cloud to upload and download files.

I would like to place the FTP server in the DMZ so it will not interfere with my runtime network and it is risk free from the outside world.

I am planning to buy a NetScreen 5GT firewall for the purpose.

I need to know how the security policies would be configured. Do I need to give IP restrictions, or restrict selected ports, or both?

Regards
18 years 3 months ago #14855 by donanak
Replied by donanak on topic Re:setting up a DMZ
Hi Deepineyez

First of all, I'm a newbie myself and hope my little knowledge here will help. Perhaps someone else could add more to it later for you.

I do not know how your network is set up and you didn't mention it, but most networks have the following sequence:

Internet => Firewall/Gateway =>
    => Green
    => Orange (DMZ) (your FTP server)
    => etc

This is a small quote from the IPCop forum and it helped me; you can follow this to get your server running in no time. Quote:
Orange (meaning your FTP server) Mantra:

. Orange must be on a separate physical wire from Green (not on same hub/switch)
. Orange must be on a separate logical subnet.
. Orange cannot send nor respond to ICMP (i.e., PING).
. Orange must always use ISP DNS for name resolution.
. Orange must always point to the firewall/gateway Orange interface as its gateway.
. Orange can be accessed from Green ONLY by its internal IP address. *I've learnt you can VPN as well.
. Orange cannot access Green unless pinholes are opened on firewall/gateway.
. Orange can be port-forwarded to in exactly the same manner as Green.

If you get here, all you need to do is to port-forward to your FTP server from the firewall/gateway. If you want only your other FTP to get to this FTP, as you said, then you have to specify that the firewall allow ONLY the IP address and port of that FTP; otherwise you leave it open, which will allow anyone to access your server if they know the address.

To make it more secure you can specify a different port other than port 20/21 for FTP. There are other ways but it's out of my league. Anyone else reading this?

Let us know how it goes, others are waiting to help too.

HTH

A smart person knows what to say, but a wise person knows whether or not to say it.

'When perfection comes, the imperfect disappear.'
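
The restriction described in the reply above (forward FTP only for the other FTP server's IP address and port, and give Orange no path into Green), as an added example that is not part of the original posts. It targets a Linux iptables gateway of the kind IPCop is built on, not the NetScreen 5GT; the interface names and every address passed in are assumptions.

```shell
#!/bin/sh
# Added example. Interface names and all addresses are assumptions.
EXT_IF=eth0     # assumed: link towards the remote FTP peer
GREEN_IF=eth1   # assumed: internal LAN (Green)
ORANGE_IF=eth2  # assumed: DMZ (Orange)

# Accept only a dotted-quad IPv4 address, so nothing else reaches the rules.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# usage: dmz_ruleset <peer_ip> <dmz_ftp_ip>   (prints iptables-restore input)
dmz_ruleset() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    cat <<EOF
*raw
# Track FTP data channels as RELATED only for the two permitted flows
-A PREROUTING -i $EXT_IF -s $1 -p tcp --dport 21 -j CT --helper ftp
-A PREROUTING -i $GREEN_IF -d $2 -p tcp --dport 21 -j CT --helper ftp
COMMIT
*nat
# Port-forward the FTP control port, but only for the known peer
-A PREROUTING -i $EXT_IF -s $1 -p tcp --dport 21 -j DNAT --to-destination $2:21
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Firewall itself: loopback and replies only (management access left out)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Peer -> Orange and Green -> Orange, FTP control only
-A FORWARD -i $EXT_IF -o $ORANGE_IF -s $1 -d $2 -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $GREEN_IF -o $ORANGE_IF -d $2 -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Orange -> Green has no pinhole: log it, then the DROP policy applies
-A FORWARD -i $ORANGE_IF -o $GREEN_IF -j LOG --log-prefix "ORANGE>GREEN "
COMMIT
EOF
}
```

Piping the output of `dmz_ruleset 203.0.113.10 192.168.2.10` (constructed addresses) into `iptables-restore --test` parses the ruleset without committing it.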