From owner-freebsd-questions Fri Jan 10 11:34:50 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DAD337B401 for ; Fri, 10 Jan 2003 11:34:49 -0800 (PST) Received: from gicco.homeip.net (dclient80-218-75-162.hispeed.ch [80.218.75.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 370A343F3F for ; Fri, 10 Jan 2003 11:34:48 -0800 (PST) (envelope-from hampi@rootshell.be) Received: from localhost.here (idefix@gicco.homeip.net [127.0.0.1]) by gicco.homeip.net (8.12.6/8.12.6) with ESMTP id h0AJYlO1060208 for ; Fri, 10 Jan 2003 20:34:47 +0100 (CET) (envelope-from hampi@rootshell.be) Received: (from idefix@localhost) by localhost.here (8.12.6/8.12.6/Submit) id h0AJYloL060207 for freebsd-questions@FreeBSD.ORG; Fri, 10 Jan 2003 20:34:47 +0100 (CET) X-Authentication-Warning: localhost.here: idefix set sender to hampi@rootshell.be using -f Date: Fri, 10 Jan 2003 20:34:47 +0100 From: Hanspeter Roth To: freebsd-questions@FreeBSD.ORG Subject: Re: Split DNS, LAN, DMZ Message-ID: <20030110193447.GB60150@gicco.homeip.net> Reply-To: freebsd-questions@FreeBSD.ORG Mail-Followup-To: freebsd-questions@FreeBSD.ORG References: <20030110191840.75386.qmail@mail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030110191840.75386.qmail@mail.com> User-Agent: Mutt/1.4i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Jan 10 at 11:18, bsdaemon@mail.com spoke: > Hello all > > I am setting up a network at home, and I'd like the following configuration: > > outside--DHCP-->firewall (trihomed)--(10 net)-->LAN > |___>DMZ (private IP?) > > Is this feasible? I saw some references that said the DMZ has to be a public IP, and others that [I think] said it was possible to use a private IP for the DMZ. Could someone clear this up for me? The DMZ may be in a private address space. But if clients from outside should be able to connect to some hosts in the DMZ they must be made available by a public address of yours on the outside interface of the firewall. You can accomplish this by NAT. -Hanspeter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message