Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 2 subscribers
  • Views 439 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ services.

giallu
I added a DMZ to my network configuration and now I need to give some services to my internal net.

this is my network topology:

Firewall:
eth0: 192.168.10.1/255.255.0.0 (intern)
eth1:0 a.b.c.d/255.255.255.0 (extern)
eth1:1 a.b.c.e/255.255.255.0 (web_server)
eth1:2 a.b.c.f/255.255.255.0 (mail_server)
eth2: 10.0.0.1/255.255.255.0 (DMZ)

I have a working MASQed network:
internal_net (192.168.0.0/16) ->extern

and 2 dnat for HTTP and SMTP
a.b.c.e -> 192.168.9.x.
a.b.c.f -> 192.168.9.y.
with 2 packet filter rules that lets traffic in.

Now I'd like to put the mail server in the DMZ (I'll go for the http one later  [;)] have no luck.

Please note a couple of things: I'm using SPOP (secure pop) so it's not using port 113 but 995 instead. Of course I defined a new service SPOP with S/port 1024:65535 and D/port 995 and I'm using it to define rules.
I'm getting many packet dropped from the DMZ server to the DNS server(s), I can allow them but I don't know why it is trying to use DNS.

Please help me setting up this thing as I don't know any other place to beat my head on.....  [;)]

greetings


This thread was automatically locked due to age.