Dual firewall DMZ

May 26, 2010 at 06:14:51
Specs: Linux
Hello everyone,

I have been given the mission to create a dual firewall DMZ, but I fail to see some
key-functions of the DMZ-network.
I have the picture of what I need to create:
http://www.cnux.ca/sqlserver_ws_pro...

My question is:
How can the internal network reach the internet?
Do the two firewalls have to be connected to each other?
Like so:
http://img42.imageshack.us/img42/18...




#1
May 26, 2010 at 06:40:29
Who gave you that mission?

How do you know when a politician is lying? His mouth is moving.



#2
May 26, 2010 at 06:47:44
It's for a school project. I already designed a three-legged firewall
with a DMZ, now I have to create a dual firewall DMZ network ...


#3
May 26, 2010 at 07:14:48
How can the internal network reach the internet?

Routing

Obviously internal clients' external (internet) traffic would have to be routed from the internal router to the external router and from there, to the internet.



#4
May 26, 2010 at 07:26:25
Hmm ok. So in the current setup there is no internet for the
internal clients...I see.


#5
May 26, 2010 at 08:09:12
anarchypower
Neither of your examples is that of a DMZ. Your first example is the same as your second example because you are not differentiating between the two. You differentiate by what ports do which.

Example1 [dmz off router1 - no access via business lan]
internet<>router1<port to port>router2<>business lan
internet<>router1<dmz port>dmz servers

Example2 [dmz off router1 with access to business lan]
internet<>router1<port to port>router2<>business lan
internet<>router1<dmz port>dmz servers<port to port>router2<>business lan

Internet is accessed by the business lan via the dual routers port to port
DMZ is accessed via the internet
DMZ is accessed via a second port to the dmz via router2 and gives the business lan protected access to the dmz servers


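The traffic paths listed for Example2 in post #5, modelled as an added example that is not part of any poster's message: a small Python reachability check over the two routers. The zone name `transit` for the router1-to-router2 port-to-port link, the `UNLINKED` variant and every allow rule are assumptions chosen for illustration.

```python
# Added example: zone model of "Example2" from post #5. All rules are assumed.
from collections import deque

# Which zones each router/firewall joins. "transit" is a name assumed here
# for the router1<port to port>router2 link.
LINKS = {
    "router1": {"internet", "dmz", "transit"},
    "router2": {"transit", "dmz", "lan"},
}
# Same two firewalls with no link between them and no DMZ port on router2.
UNLINKED = {"router1": {"internet", "dmz"}, "router2": {"lan"}}

# Assumed policy: (source zone, destination zone) pairs each firewall lets
# START a connection. Replies are assumed to be handled statefully.
ALLOW = {
    "router1": {("internet", "dmz"), ("lan", "internet"), ("dmz", "internet")},
    "router2": {("lan", "internet"), ("lan", "dmz")},
}

def route(src, dst, links=LINKS, allow=ALLOW):
    """Return the firewalls crossed from src zone to dst zone, or None if blocked."""
    queue, seen = deque([(src, [])]), {src}
    while queue:
        zone, hops = queue.popleft()
        if zone == dst:
            return hops
        for fw in sorted(links):
            # A firewall forwards only if it touches the current zone and its
            # policy permits the original (src, dst) pair.
            if zone not in links[fw] or (src, dst) not in allow.get(fw, set()):
                continue
            for nxt in sorted(links[fw] - seen):
                seen.add(nxt)
                queue.append((nxt, hops + [fw]))
    return None

if __name__ == "__main__":
    for src, dst in [("lan", "internet"), ("internet", "dmz"), ("lan", "dmz"),
                     ("internet", "lan"), ("dmz", "lan")]:
        print(f"{src:>8} -> {dst:<8} {route(src, dst) or 'blocked'}")
    print("unlinked lan -> internet:", route("lan", "internet", links=UNLINKED))
```

Changing `ALLOW` or `LINKS` and re-running shows which flows a given wiring and rule set would permit before any real firewall is configured.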

#6
May 26, 2010 at 09:17:01
Hmm ok. So in the current setup there is no internet for the internal clients...I see.

Sorry but, we're not going to hand you the answer. Most, if not all, of the regulars that hang out in here and help have already done their schooling and like me have no interest in doing someone else's. Also, you learn more if you figure it out.

I gave you the answer. Now you need to do the necessary work to make it work.

Now wanderer has given you more detail than I did

Internet is accessed by the business lan via the dual routers port to port
DMZ is accessed via the internet
DMZ is accessed via a second port to the dmz via router2 and gives the business lan protected access to the dmz servers

So you should have more than enough info to figure it out.

Good luck!



#7
May 26, 2010 at 09:24:25
@Curt: Thank you, but all I want to know is if I should connect
the two firewalls or not to have internet in my internal network.
Don't make it sound like I'm asking you how to compile a netfilter
compatible kernel and a full iptable setup...I'm just asking a
*little* detail on paper...Sorry if that is too much to ask.

@wanderer: Thanks, I will keep in mind what you said.

