Protect your LAN and allow internet traffic through to your webserver with a demilitarised zone (DMZ) on your network. Simon Edwards guides you through the process in SmoothWall.
1. You want people on the Net to see the web server that's sitting on the Orange interface of your firewall in the DMZ. Our server has an IP address of 172.16.0.10, so the firewall needs to accept all incoming web traffic and send it to the server. We need to create a rule to allow this. Click on the networking menu link.
 |
2. Type the port number for the service that you want to provide into the Source port number box. There's a list of standard TCP/IP service port numbers available at www.iana.org/assignments/port-numbers. The Destination IP is the server's IP address (172.16.0.10) and the Destination port is 80. Click Add. |
 |
3. Local computers can access this server using both its true IP address and the firewall's Red interface (192.168.1.15). In our example the Red interface has a private address, as it sits behind an Ethernet router. If the firewall used a USB ADSL modem it would have a public IP address such as 217.158.195.1. |
 |
4. Computers on the LAN and the Net can access the web server, but the firewall prevents the server from accessing the LAN in case it has been compromised. Here, a web server is trying to ping a desktop PC on the internal network and access its personal web server. These attempts appear in the logs and should be taken very seriously.
|