HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   Proper ISP Hardware Configuration? (http://www.howtoforge.com/forums/showthread.php?t=1225)

jims2321 11th November 2005 18:49

Proper ISP Hardware Configuration?
 
This will sound stupid... But what are most members using as their firewall/router for their ISP setup? I have (and maybe I have just overlooked it) seen only setups involving the web/ftp/dns but there are no setups describing the proper hardware/network configuration for a DMZ setup. Correct me if I am wrong, but anybody who allows an ISP or other party to control their firewall is asking for trouble.

I am looking at using ISPconfig, on a new server that I have, but it and the mail, ftp, www server will sit in a DMZ zone, and the internal network will also be behind the firewall. Anybody else doing something similar?

Jim

Mahir 11th November 2005 19:51

Wel u can disable the ispfirewall and just use ur own one as long as u open all the ports that are needed i am making currently 2 servers 1 with use of ispconfig and one for a company that has a hardware firewall and i have totally no problems.

And about dmz zone i run ispconfig at a home server for testing and that is in a dmz zone this is also noproblem.

ggere 11th November 2005 19:54

We currently use a Cisco PIX firewall device for our firewall and NAT router, although pretty much any firewall device will suffice including another server acting as a firewall. We then block all ports by default and then "punch holes" through for services like ftp, web, email, with NAT redirects to the correct internal IP of the corresponding server.

I think this would be considered a safer setup than putting the servers in a DMZ zone as the entire range of ports on the server are open to potential attacks.

Code:

((Internet)) --> [Firewall/Router] <-- Port 21/ftp ---> [FTP Server]
                                ^---- Port 80/http --> [Web Server]



All times are GMT +2. The time now is 19:22.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.