DMZ or not
Posted on 2006-11-30
Here is the problem:
I've got one static IP address, one server running Linux (YAY!), an old machine that could always serve and a firewall (a real firewall machine)...
So on the Linux server I have the users of the network, who access their home folders (through Samba); on the same server runs an FTP server (vsftpd), so that the users, from their home, can still access their files on the server.
So knowing the security threat of FTP, I took some precautions security-wise (so no worries at that level)... For the moment, my firewall "hosts" the public IP address and just does a port redirection to the server (for example port 21). So till then everything is fine...
My next step is to add a mail server... so my option is I could still add another port forwarding on the firewall to the server... but then I am more wondering if I should not set up a DMZ.
My problem is that if I decide to set up a DMZ, I therefore need to have a second server, which will be in a DMZ and synchronize with the users of the internal Linux server... this server in the DMZ can therefore be a mail server... however, since the whole purpose of the FTP is to allow users to access their home folder on the Linux server, I might then run into a problem with setting a DMZ... or only if it is possible to still do port forwarding on the firewall even though having a DMZ?
Also the question I had: when you set a DMZ, does it mean that ALL PORTS ARE OPENED ON THAT DMZ MACHINE... like now on my firewall with my present settings, only port 21 is opened...
thx for ideas and clarifications