DMZ Question with 2 internet connections

Hi,

I'm looking at setting up a DMZ for the first time and I need some advice to get it right. I'll be using IPF or IPFW on FreeBSD.

I have a connection to the internet that gives me a public IP address for my webserver. I'll be adding a separate database server to talk to the webserver and the internal network. For our internal network we have a different internet connection (T1) that's currently the external iface on the firewall for our network.

The setup that I'm considering is a quad homed firewall:

1. interface for internal net (10.x.x.x)
2. interface for T1
3. interface for internet connection for web/db server
4. interface for web/db server DMZ (192.168.x.x)

I need to access both the web and db server from internal net. Web and db server will be exposed to the outside world via interface 3.

Question

- I really only need the world to connect to the webserver's web and mail services. Would it be proper to just nat through to the webserver machine on the DMZ ports 80, 25, and 443 on this interface?

I've seen plenty of examples for a triple homed firewall, but the extra internet connection has me confused.

Anyone have any tips/tricks/suggestions out there? How about an example?

jason.m.stewart

You'll now find the OpenBSD packet filter named PF in FreeBSD, too:

formatting link
And here you can find good advice, including an example:
formatting link
And here you'll find a tutorial for rookies:
formatting link
More about IPF and IPFW you'll find in the FreeBSD Handbook, see
formatting link
Yours, VB.

Volker Birk
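
The four-interface layout from the question, as an added pf.conf example that is not from either poster, written in the nat/rdr syntax of the PF shipped with FreeBSD. Interface names, host addresses and the gateway are assumptions. It forwards only ports 25, 80 and 443 to the web server and uses `reply-to` so that replies leave through the second internet connection rather than the T1 default route.

```pf
# Constructed example. Interface names, host addresses and the gateway
# are assumptions; only the 10.x / 192.168.x split comes from the thread.
int_if  = "em0"           # 1: internal net
t1_if   = "em1"           # 2: T1, holds the firewall's default route
web_if  = "em2"           # 3: uplink with the web server's public IP
dmz_if  = "em3"           # 4: web/db DMZ
int_net = "10.0.0.0/8"
dmz_net = "192.168.1.0/24"
web_srv = "192.168.1.10"
web_gw  = "198.51.100.1"  # ISP next hop on web_if (documentation range)
pub_tcp = "{ 25, 80, 443 }"

set skip on lo0
scrub in all

# Internal clients leave via the T1; only three ports are forwarded to the DMZ.
nat on $t1_if from $int_net to any -> ($t1_if)
rdr on $web_if proto tcp from any to ($web_if) port $pub_tcp -> $web_srv

block log all

# World -> web server. reply-to sends the answers back out web_if instead
# of following the default route to the T1 (asymmetric routing otherwise).
pass in  on $web_if reply-to ($web_if $web_gw) proto tcp \
        from any to $web_srv port $pub_tcp flags S/SA keep state
pass out on $dmz_if proto tcp from any to $web_srv port $pub_tcp keep state

# Internal net -> web and db servers, routed without NAT.
pass in  on $int_if from $int_net to any keep state
pass out on $dmz_if from $int_net to $dmz_net keep state

# Internal net -> Internet over the T1 (source already translated by nat).
pass out on $t1_if from ($t1_if) to any keep state

# No rule lets the DMZ open connections to int_net, so a compromised
# web or db server cannot reach inward.
```

The database server has no `rdr` entry, so it is reachable from the internal net and from the web server on the same DMZ segment but not from the outside world.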

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.