This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Setting up a DMZ

Hi,

I'm a software developper with limited experience as a network administrator, i.e. I know most of the basics, but I've still a lot to learn...

I want to set up a DMZ within our company network, using an Astaro ASG 11.
Our basic configuration is

Internet  Router(192.168.1.97 internally)  local network(192.168.1...)

I have tried to insert the ASG as follows:

Internet  Router(192.168.1.97 internally)  (WAN, 192.168.1.22)ASG(LAN,192.168.1.24)  local network(192.168.1...)

I have enabled Ping and Ping forwarding on the ASG, and used
  Internal(Network) --allow any--> Any
as the first package filter rule.

I had expected to be able talk to our router with this setup, but it doesn't work, not even pings work. I guess I have to tell the ASG somehow to pass the packets from my workstation to our router, but how do I do that ?

Best regards

Heiko

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 14 years ago

The suggestion from dknyinva is the proper way to setup a DMZ.

Also, if you want to setup an Astaro behind another router with the WAN and LAN in the same subnet, you'll want to bridge the interfaces. Things will be much simpler though, if you just replace the current router with the Astaro.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 14 years ago

The suggestion from dknyinva is the proper way to setup a DMZ.

Also, if you want to setup an Astaro behind another router with the WAN and LAN in the same subnet, you'll want to bridge the interfaces. Things will be much simpler though, if you just replace the current router with the Astaro.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 HeikoP over 14 years ago in reply to Scott_Klassen

ups... my description was misleading with regards to my problem, sorry.
I'm definitivly going to use the third NIC for my DMZ system !

What I described above was just a first try to integrate the Security Gateway into our network - if you see the network just as a pipe, I tried to add a T-connector in the middle of the pipe, the open end being my future DMZ connector.

My problem at the moment is that this t-connector broke my connection from the net to our router. I can't reach that router anymore, and I can't reach the internet behind it.

"bridge the interfaces" is probably the solution to my problem. Could you give me a hint where I do this in the Webadmin interface ?

Thanks for your answers !

Heiko
Cancel
Vote Up 0 Vote Down

Cancel