This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Use public IP's on DMZ-hosts

I always thought it was necessary to create DNAT's from public IP's (additional addresses) to DMZ hosts and also need to have a masquerading (or SNAT) rule from these hosts to the internet.
I just read another thread however which seems to assume it's possible to directly use the public IP on a host in DMZ.

Is this indeed correct?
If yes, how should it be configured (subnet on DMZ?, additional addresses on the interface?)?

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi, you can, but you need a Transfer Network from your ISP.

So, you move your subnet into the DMZ, and get another subnet, typically a /29 or /30, and use it for the external interface.
The ISP routes traffic for your subnet via the firewall's external IP on the transfer net.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Hi, you can, but you need a Transfer Network from your ISP.

So, you move your subnet into the DMZ, and get another subnet, typically a /29 or /30, and use it for the external interface.
The ISP routes traffic for your subnet via the firewall's external IP on the transfer net.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data