General questions on router setup (ISP)
68.34.76.6
|
|
Router
|
| ----------Block of public IPs here from ISP
|
Firewall (NAT)
|
|
Internal Network
1. If you have a webserver in this setup, what would the external address be? The one assigned to the external interface of your router, or one of the IPs in between your router and firewall?
2. Does the "outside" interface of your firewall use one of the blocked IPs from your ISP? Or does it use a private address?
3. Is this a typical setup?
Not necessarily, you could use private addressing in the DMZ and use static NATs to forward external traffic to the DMZ servers.
> I'm assuming you will need one public IP for each public interface of the firewall you use?
You still only need one public IP for the outside interface.
The DMZ interface is just another inside interface that can be a private IP subnet different than the internal net.
You can use the same block of public IPs to NAT to either a DMZ host or an internal host.
12.34.56.8 (ext)
|
|
Firewall--(DMZ1)--172.16.16.1------- Webserver (w/private IP)
Firewall--(DMZ2)--172.16.17.1------- Specialserver (w/private IP)
|
192.168.1.1 (int)
|
|
Internal LAN
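The static NAT arrangement described in the answer above, written out as an nftables ruleset. This is an added example, not part of the original thread, which names no firewall product. The interface names, the /24 masks, the DMZ host addresses, the two extra public IPs and the port for the special server are assumptions.

```nftables
# Added example: one public IP on the outside interface, private DMZ subnets,
# static NAT from the ISP block to DMZ hosts. Names and values marked
# "constructed" are assumptions and do not come from the thread.
define EXT_IF   = "ext0"          # constructed interface names
define DMZ1_IF  = "dmz1"
define DMZ2_IF  = "dmz2"
define INT_IF   = "int0"
define FW_PUB   = 12.34.56.8      # outside interface, from the diagram
define WEB_PUB  = 12.34.56.9      # constructed: an address from the ISP block
define SPEC_PUB = 12.34.56.10     # constructed: an address from the ISP block
define WEB_DMZ  = 172.16.16.10    # constructed host on the DMZ1 subnet
define SPEC_DMZ = 172.16.17.10    # constructed host on the DMZ2 subnet

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Static NAT: public address -> private DMZ server
        iifname $EXT_IF ip daddr $WEB_PUB tcp dport { 80, 443 } dnat to $WEB_DMZ
        iifname $EXT_IF ip daddr $SPEC_PUB tcp dport 8443 dnat to $SPEC_DMZ
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Internal LAN shares the firewall's single outside address
        oifname $EXT_IF ip saddr 192.168.1.0/24 snat to $FW_PUB
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Destination is already translated when the forward hook runs
        iifname $EXT_IF oifname $DMZ1_IF ip daddr $WEB_DMZ tcp dport { 80, 443 } accept
        iifname $EXT_IF oifname $DMZ2_IF ip daddr $SPEC_DMZ tcp dport 8443 accept
        iifname $INT_IF accept
        # No rule lets a DMZ host open a connection to the internal LAN,
        # so a compromised DMZ server is stopped by the drop policy.
    }
}
```

For the extra public addresses to reach the firewall, the ISP router must route the block to 12.34.56.8 or the firewall must answer ARP for those addresses on its outside interface.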
ASKER
Excellent, thank you
ASKER
How would this setup change if the firewall had multiple interfaces, and the DMZ was simply an interface that hung off the firewall? I'm assuming you will need one public IP for each public interface of the firewall you use?
i.e.:
12.34.56.8 (ext)
|
|
Firewall--(DMZ)----------1
|
192.168.1.1 (int)
|
|
Internal LAN