Date: Tue, 10 Oct 2000 18:58:56 -0500 (CDT) From: Mike Meyer <mwm@mired.org> To: Chris Dempsey <chrisdempsey@yahoo.com> Cc: "ROTHENBERG, MICHAEL" <MROTHENBERG@exchange1.PRIA.com>, "'FreeBSD-questions'" <freebsd-questions@FreeBSD.ORG> Subject: Re: Ethernet config Message-ID: <14819.44352.112283.32678@guru.mired.org> In-Reply-To: <20001010224450.24316.qmail@web111.yahoomail.com> References: <20001010224450.24316.qmail@web111.yahoomail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chris Dempsey writes: > I am running two win boxes and a bsd box behind the > same router setup, using a cable modem -> router -> > 100mb switch -> bsd box. The router uses a web-based > 192.168.1.1 configuration screen and does DHCP, > dynamic/static routing, and limited port forwarding. > It has an option to place one box on the "DMZ," what > that does I am not sure. All of the relevant > information is entered into the webbased setup > screens. I think they're abusing the term "DMZ". It's from military jargon, and stands for "demilitarized zone". The only way I've seen it used in relation to firewalls is to refer to the part of your network *outside* your firewall (or outside one of your firewalls, if you have a quality firewall). The idea is that you put hosts that are exposed to breakins outside, so if they are broken into, your local network traffic isn't exposed. Unless listing a box as the "DMZ host" isolates it from the network, I'd say it's not really doing that. From what I can tell, all doing that does is sends everything that isn't forwarded elsewhere to the DMZ box. FWIW, if you're going to let external traffic through, you should probably not trust the boxes you expose to the outside world that way. My internal freebsd boxes (both of them) run ipfw firewalls, and in general disable traffic to/from the machine that's playing web server. > Port forwarding to both ssh (22) and telnet (23) are > able to work fine, but I have also yet to check other > ports. NAT works perfectly. I'm getting mail (25) through mine, and you can poke at the web server at <URL: http://mwm.tzo.com/ > (though don't bookmark that; it'll probably vanish before the end of the month, after my DNS changes go through). > I have xl0 setup as ifconfig="DHCP" and it works fine. My test box boots Windows in DHCP mode. It leaves footprints all over the ipfw logs on my FreeBSD boxes, but it does work fine. <mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14819.44352.112283.32678>