This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Howto prevent access to DMZ

Is there a way to create a rule that allows control over access to my DMZ?

Internal lan is masq on internet. No masq on DMZ.
Have a rule like this:

internal -> -> any -> ALLOW

ANY is my problem. Thats give access to DMZ. How do i make a rule that only make access from internal to internet ?

This thread was automatically locked due to age.

Parents

0 Andy_01 over 23 years ago

place this before your rule:
internal network -> any -> dmz network -> DROP
Cancel
Vote Up 0 Vote Down

Cancel
0 ECKEROTH over 23 years ago in reply to Andy_01

Not good. I need some access to my dmz. Rules based [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 Massimo Cereda over 23 years ago in reply to ECKEROTH

Place before the drop rule this "some" access

[size="1"][ 27 August 2002, 08:53: Message edited by: Massimo Cereda ][/size]
Cancel
Vote Up 0 Vote Down

Cancel
0 notoriousiroc over 23 years ago in reply to Massimo Cereda

Put the rules allowing access to your DMZ after the drop rule, that way they are still allowed through.

notoriousiroc
Cancel
Vote Up 0 Vote Down

Cancel
0 ECKEROTH over 23 years ago in reply to notoriousiroc

THAT DONT WORK. If ASL process a rule it don't process further down in the rules. It stops on ALLOW or DROP permission.

I need another solution. ANYONE !!!!!
Cancel
Vote Up 0 Vote Down

Cancel
0 tank over 23 years ago in reply to ECKEROTH

You need to put your internal network allow rule below the drop rule, then place the allowed connections between your internal and DMZ rules above the drop rule. So in the end the allow any rule is last as a catch all for the internal network however the catch all going to the DMZ from Internal will cause a drop.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 tank over 23 years ago in reply to ECKEROTH

You need to put your internal network allow rule below the drop rule, then place the allowed connections between your internal and DMZ rules above the drop rule. So in the end the allow any rule is last as a catch all for the internal network however the catch all going to the DMZ from Internal will cause a drop.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 ECKEROTH over 23 years ago in reply to tank

TANK: Like this ?

Internal -> "some rule" -> DMZ -> ALLOW
Internal -> "ANY" -> DMZ -> DROP
Internal -> "some rule" -> ANY -> ALLOW

[:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 tank over 23 years ago in reply to ECKEROTH

Yep
Cancel
Vote Up 0 Vote Down

Cancel
0 ECKEROTH over 23 years ago in reply to tank

Thanks [:)]
Cancel
Vote Up 0 Vote Down

Cancel