11th November 2005, 20:54
ggere

We currently use a Cisco PIX firewall device for our firewall and NAT router, although pretty much any firewall device will suffice including another server acting as a firewall. We then block all ports by default and then "punch holes" through for services like ftp, web, email, with NAT redirects to the correct internal IP of the corresponding server.

I think this would be considered a safer setup than putting the servers in a DMZ zone as the entire range of ports on the server is open to potential attacks.

((Internet)) --> [Firewall/Router] <-- Port 21/ftp ---> [FTP Server]
                                 ^---- Port 80/http --> [Web Server]
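The layout described in the post above, written as an nftables ruleset for the "another server acting as a firewall" case. This is an added example, not the poster's PIX configuration; the interface names and internal addresses are constructed assumptions.

```nftables
# Constructed values: adjust to the real interfaces and server addresses.
define WAN = "eth0"            # assumed Internet-facing interface
define LAN = "eth1"            # assumed internal interface
define FTP_SRV = 192.168.1.21  # assumed internal FTP server
define WEB_SRV = 192.168.1.80  # assumed internal web server

table ip edge {
    # NAT redirects: the only two "holes" punched through the firewall.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $WAN tcp dport 21 dnat to $FTP_SRV
        iifname $WAN tcp dport 80 dnat to $WEB_SRV
    }

    # Source NAT for traffic leaving towards the Internet.
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }

    # Default deny for routed traffic; only the redirected ports are admitted.
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        iifname $WAN ip daddr $FTP_SRV tcp dport 21 ct state new accept
        iifname $WAN ip daddr $WEB_SRV tcp dport 80 ct state new accept
        iifname $LAN oifname $WAN accept
        # Port 21 carries only the FTP control channel; data connections
        # need the conntrack FTP helper or a fixed passive range (not shown).
    }

    # The firewall host itself offers nothing to either side by default.
    # Add a management rule (for example SSH from the LAN) before loading
    # this remotely, or the session will be cut off.
    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ct state established,related accept
    }
}
```

Every other port on the two servers stays unreachable from the Internet because no redirect exists for it and the forward chain drops anything that was not explicitly admitted.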