We have a couple of DMZs set up with Firewalls such as NetGear and Linksys
to separate the subnets.

The problem is that these are Firewall/DSL Routers that are intended to
route information from your local network to the Internet and that also have
firewall functions.

The WAN side has a gateway that is usually the DSL Router.

You can usually set up the Firewall as Standard or NAT. With Standard the
LAN and WAN have to be the same subnet. With NAT the WAN is the ISP's Router
address (public) and the LAN is your private network.

In my case, I want to use the Firewall inside the private network where both the
LAN and WAN would have private addresses but each would be a public address.

So on my Protected network I would have all my user machines on the 10.0.0.X
network and my DMZ that has my SQL Servers would be on the 10.0.3.X network.

I don't know if it matters which side has the LAN or WAN interface. But what
about the Gateway address? I have it set up at the moment as:

WAN:
IP Address: 10.0.0.251
Mask: 255.255.255.0
Gateway: ?

LAN:
IP Address: 10.0.3.251
Mask: 255.255.255.0

SQL Server IP Address: 10.0.3.2
My workstation: 10.0.0.25

I am assuming that NAT needs to be set for this to work. But in the Internet
world you would not be able to access an address in the private network
directly. Only in response to a request. So there would need to be a request
from the Private address first to the Internet and the Internet would
respond. But not the other way round.

Since I am NATing here, wouldn't I have the same problem? Is there a way to
make this work with these types of Firewalls?

We have a Checkpoint Firewall that does this great. But that is too
expensive for us here in this scenario.
_________________
Thanks,

Tom