Is it possible to set up a true DMZ using cheap hardware firewalls?

Is it possible to set up a true DMZ using cheap hardware firewalls (maybe by using port forwarding)? I'm talking about cheap firewalls without the DMZ ports (Linksys, Netgear, and so on). Thank you.

Reply to
kwalldk4532

Yes, put two of them in series:

INTERNET
::::
ROUTER 1 - This LAN would be the DMZ
:
ROUTER 2 - This LAN would be your LAN

Router 1: 192.168.8.1/24
Router 2 WAN: 192.168.8.2
Router 2 LAN: 192.168.4.1/24

Reply to
Leythos

Thank you for your reply, Leythos. That is kind of how I imagined you would have to do it. I wonder, if you were to have a web server in your DMZ and a DB server on your LAN, will there be any connection issues? I'm guessing if you forward the correct IPs and ports there won't be a problem (I hope). In the setup you are talking about, a web server in the DMZ would need only one NIC, correct? And you would just connect router 2 to an open port on router 1? So it would be:

Internet -> WAN port on router 1.
Web server NIC -> Any open LAN port on router 1.
WAN port on router 2 -> Any open LAN port on router 1.
All LAN machines -> Any open LAN port on router 2.

Does this seem about right? Thanks for your help. It's much appreciated.

Reply to
kwalldk4532

The cable connections are right, but you need to do a couple of things:

ROUTER 1 LAN: Range 192.168.8.1/24
Web Server: 192.168.8.10
ROUTER 2 WAN: 192.168.8.2

ROUTER 2 LAN: Range 192.168.4.1/24
DB Server: 192.168.4.10

You must use fixed IPs for the dedicated servers/devices; this will keep them from changing address if using DHCP.

Now, you need to set up PORT forwarding in router 2 so that the web server in LAN 1 can reach LAN 2's server.

ROUTER 2: Forward TCP 1433 (assuming MS SQL) to 192.168.4.10 Database Server.

You then need to set up an ODBC connection between the web server and the 192.168.8.2 address (the WAN address of ROUTER 2). Since you are port forwarding from WAN 2 to LAN 2, you would use the single IP of WAN 2 as your ODBC connection (or other) to reach the LAN 2 network.

Hope this helps.

One other thing - you want to have a DNS server INSIDE LAN2 and have it set up with the DNS entries for your web server - so that formatting link resolves to the 192.168.8.10.

Reply to
Leythos
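
A check for the layout described in the replies above, meant to be run from the web server at 192.168.8.10: it confirms that ROUTER 2's WAN address (192.168.8.2) answers only on the forwarded TCP 1433 and on nothing else. This is an added example, not part of the original posts; the list of extra ports to probe is an assumption.

```python
import socket

# Addresses and the 1433 forward come from the thread.
ROUTER2_WAN = "192.168.8.2"
EXPECTED_OPEN = {1433}  # the single forward to the DB server 192.168.4.10
# Assumption for this example: commonly exposed ports worth ruling out.
PROBE_PORTS = [22, 23, 80, 135, 139, 443, 445, 1433, 3389, 8080]


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit_forwards(host, expected_open, probe_ports, timeout=1.0):
    """Compare the ports that answer on `host` with the intended forwards.

    Returns (unexpected, missing):
      unexpected - ports that accept connections but are not intended
      missing    - intended forwards that do not accept connections
    """
    expected = set(expected_open)
    candidates = set(probe_ports) | expected
    reachable = {p for p in candidates if tcp_open(host, p, timeout)}
    return sorted(reachable - expected), sorted(expected - reachable)


if __name__ == "__main__":
    unexpected, missing = audit_forwards(ROUTER2_WAN, EXPECTED_OPEN, PROBE_PORTS)
    for port in unexpected:
        print(f"FAIL: {ROUTER2_WAN}:{port} is reachable from the DMZ but is not a planned forward")
    for port in missing:
        print(f"FAIL: planned forward {ROUTER2_WAN}:{port} does not answer")
    if not unexpected and not missing:
        print("OK: only the planned forward is reachable from the DMZ")
```

An unexpected open port usually means an extra forwarding rule or the router's management interface is exposed on its WAN side, which in this layout faces the DMZ.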
