Dear friends,
i have a question..
from one of my clients I have to create a virtual machine in dmz, but the company has only one public ip available .. I thought to create a dmz on a private plan and then create a 1: 1 nat ..
The firewall acts as a gateway, it has two wan networks, a lan network and on Monday I will create a dmz network
the two wan networks are one in ppoe (for the main operator) and the backup one configured on public ip. Both connections have only one public ip.
The virtual machine will have the role of webserver, and will have to connect via pinholes to the sql server on the lan, if it were not for this I would have opted for the Hot Lan.
Am I right to create dmz and nat 1: 1?
i have a question..
from one of my clients I have to create a virtual machine in dmz, but the company has only one public ip available .. I thought to create a dmz on a private plan and then create a 1: 1 nat ..
The firewall acts as a gateway, it has two wan networks, a lan network and on Monday I will create a dmz network
the two wan networks are one in ppoe (for the main operator) and the backup one configured on public ip. Both connections have only one public ip.
The virtual machine will have the role of webserver, and will have to connect via pinholes to the sql server on the lan, if it were not for this I would have opted for the Hot Lan.
Am I right to create dmz and nat 1: 1?
In DMZ
Share this post:
Responses (4)
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
When I replied earlier, there was something in the back of my mind which I didn't check. Have a read of this. It looks like, for the ClearOS implementation of a DMZ you need multiple WAN IP's. I have a feeling that the document is a little outdated and that you can route a /32 subnet (single IP) through to a DMZ. -
Accepted Answer
Nick Howitt wrote:
When I replied earlier, there was something in the back of my mind which I didn't check. Have a read of this. It looks like, for the ClearOS implementation of a DMZ you need multiple WAN IP's. I have a feeling that the document is a little outdated and that you can route a /32 subnet (single IP) through to a DMZ.
I read that article four or five times before plunging headlong, unfortunately I only have one public IP available, on Monday I am at the customer's premises, with the office closed and I will make the necessary tests. Thanks Nick always very kind
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »