I installed a third NIC in my Astaro box for use as a DMZ port for my PS3 and one other computer that needs a relaxed firewall environment.
I have three NICs total: WAN, Internal LAN, DMZ.
WAN plugs to cable modem. LAN plugs to switch. DMZ plugs to another firewall and then to the PS3 and "exposed" computer.
I created the following two rules:
DMZ (Network) --> ANY Service, DROP --> Internal (Network)
and the next rule is:
DMZ (Network) --> ANY ALLOW --> Internet.
Is that the proper way to setup a DMZ?
I want to prevent ANY communication between the DMZ NIC + attached and the LAN NIC + attached.
I added the DHCP server to the DMZ NIC and used a different set of IPs.
I also setup a DMZ (network) --> External WAN "Masqerading" rule. Was that proper?
Is there a more secure set of rules or configuations than above?
Do I need a rule like Internal (network) --> ANY DROP --> DMZ (network) ?
Finally, I added DMZ (network) to the Global IPS page. Is that proper? All my services are working OK on the DMZ. Does that mean it is getting some protection?
This thread was automatically locked due to age.
