Proper ISP Hardware Configuration?

[jims2321]

This will sound stupid... But what are most members using as their firewall/router for their ISP setup? I have (and maybe I have just overlooked it) seen only setups involving the web/ftp/dns but there are no setups describing the proper hardware/network configuration for a DMZ setup. Correct me if I am wrong, but anybody who allows an ISP or other party to control their firewall is asking for trouble.

I am looking at using ISPconfig, on a new server that I have, but it and the mail, ftp, www server will sit in a DMZ zone, and the internal network will also be behind the firewall. Anybody else doing something similar?

Jim

[Mahir]

Wel u can disable the ispfirewall and just use ur own one as long as u open all the ports that are needed i am making currently 2 servers 1 with use of ispconfig and one for a company that has a hardware firewall and i have totally no problems.

And about dmz zone i run ispconfig at a home server for testing and that is in a dmz zone this is also noproblem.

[ggere]

We currently use a Cisco PIX firewall device for our firewall and NAT router, although pretty much any firewall device will suffice including another server acting as a firewall. We then block all ports by default and then "punch holes" through for services like ftp, web, email, with NAT redirects to the correct internal IP of the corresponding server.

I think this would be considered a safer setup than putting the servers in a DMZ zone as the entire range of ports on the server are open to potential attacks.

Code:

((Internet)) --> [Firewall/Router] <-- Port 21/ftp ---> [FTP Server]
                                 ^---- Port 80/http --> [Web Server]