Solved

Mailserver back up to NAS

Posted on 2013-11-22
Last Modified: 2013-11-27
I have a mailserver in the DMZ.  It has two NICs, only one is active.
I want to back this up to the NAS on my LAN.
I'd like to turn on the 2nd NIC, add it to my LAN, but prevent any traffic from the outside "real IP" interface from reaching the LAN.


Windows Firewall?  What rule?
Question by:dougp23
LVL 79

Expert Comment

by:arnold
ID: 39670939
Do not connect the second NIC to the LAN, as that will become the bridge should the system in the DMZ get compromised.

Another option, depending on the switch: create a LAG group on the switch using the two interfaces as a team.
This way you can "double" the bandwidth available and create a rule to allow the traffic from the DMZ system to the NAS, though not sure how you would isolate the issue.

If you have a backup client/server setup (bacula, zmanda, etc.) you would be able to set the parameters of access. With the direction to the NAS, the DMZ server has to have access rights to the share, which is a much wider opening of the firewall.
 
LVL 1

Author Comment

by:dougp23
ID: 39671635
So if my Eth1 on the server has a "real IP" of (making it up) 78.111.209.155
And my Eth2 on the server has a "Non-routable" IP of 192.168.10.109

There is no way to isolate that Eth2 so I can say "only traffic to the NAS is allowed for this interface"?
 
LVL 79

Accepted Solution

by:
arnold earned 1180 total points
ID: 39671648
By default no traffic from the outside will directly pass through to the internal LAN, but should your system be compromised, the DMZ configuration will not help protect your LAN from the intruder as they have the path over eth2.

Depending on your mailserver configuration, you could make the DMZ host a head unit only, such that the user homedirs reside on the NAS, which is NFS mounted on the mail server without root rights.

Configuring the firewall... Never mind, you are on a Windows platform.

What is your setup?

A Windows firewall can be overridden by the person who compromised your system to gain access.

To restrict the DMZ'ed host when it has a second dedicated feed into the LAN means you have to reconfigure the firewalls on all LAN systems to deny the DMZ'ed host's second internal IP access to resources on each system ...........


If you have internet <=> router/FW <=> DMZ host
                                   <=> LAN
you could configure the FW to allow DMZ host specific traffic to a LAN host.
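The router/FW approach from the accepted answer, shown as an added example that is not part of the original thread: a small Python audit that checks a rule table so the mail server can reach only one NAS port and nothing else on the LAN. The rule format, the /24 LAN prefix, the NAS address 192.168.10.50 and SMB port 445 are assumptions; the mail server address is the made-up one from the question.

```python
import ipaddress

# Mail server IP is the made-up one from the thread. The LAN prefix length,
# NAS address and SMB port are assumptions for this example.
MAIL = ipaddress.ip_network("78.111.209.155/32")
LAN = ipaddress.ip_network("192.168.10.0/24")
NAS = ipaddress.ip_network("192.168.10.50/32")
NAS_PORT = 445

# Hypothetical rule format: (action, source, destination, dest port or None = any)
TIGHT = [("allow", "78.111.209.155/32", "192.168.10.50/32", 445),
         ("deny", "0.0.0.0/0", "192.168.10.0/24", None)]
LOOSE = [("allow", "78.111.209.155/32", "192.168.10.0/24", None),
         ("deny", "0.0.0.0/0", "192.168.10.0/24", None)]

def decide(rules, src, dst, port):
    """Evaluate one flow: first matching rule wins, no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if (s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst)
                and rport in (None, port)):
            return action
    return "deny"

def audit(rules):
    """Return allow rules that open more than mail server -> NAS:NAS_PORT.

    Static check of each rule on its own; it does not account for a rule
    being shadowed by an earlier deny.
    """
    findings = []
    for rule in rules:
        action, rsrc, rdst, rport = rule
        src, dst = ipaddress.ip_network(rsrc), ipaddress.ip_network(rdst)
        # Only allow rules that the mail server can use to enter the LAN matter.
        if action != "allow" or not src.overlaps(MAIL) or not dst.overlaps(LAN):
            continue
        if not (src.subnet_of(MAIL) and dst.subnet_of(NAS) and rport == NAS_PORT):
            findings.append(rule)
    return findings

if __name__ == "__main__":
    for name, rules in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(name, "findings:", audit(rules))
        print("  mail -> other LAN host, RDP:",
              decide(rules, "78.111.209.155", "192.168.10.20", 3389))
```
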
