Great Circle Associates Firewalls
(December 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: RE: How - WWWServer on internal LAN to be made accessible on the NET?
From: "Stackpole, Bill" <BSTACKPO @ sla . com>
Date: Mon, 1 Dec 1997 08:17:27 -0800
To: "'giri @ symbols . com . sg'" <giri @ symbols . com . sg>, firewalls @ greatcircle . com


> -----Original Message-----
> From:	Giridhar Nayak [SMTP:GIRI @
 symbols .
 com .
 sg]
> Sent:	Wednesday, November 26, 1997 5:33 PM
> To:	firewalls @
 greatcircle .
 com
> Subject:	Re: How - WWWServer on internal LAN to be made
> accessible on the NET?
> 
> Hi Guys,
> 
> Thanks for the replies, Manuel & Bennet.
> 
> Please bear with me. I have a few more questions. 
> 1. How do I create the DMZ? 
> [Bill Stackpole]  Designate one Ethernet port on the router to be the
> DMZ segment
> 
> Internet
>    |
>    |
> +------------+
> |             |e1                     DMZ
> |  router  |--------------------------------------
> +-----------+ 
>    | e0  
>    |            Your internal network
> ---------------------------------------------------   
> 
> 2. How should the DNS be configured?
> [Bill Stackpole]  If the hosts on the DMZ need to do DNS point them to
> the ISP's DNS.
> Insert the DMZ host names into your internal DNS so your local hosts
> can find them and into the IPS's
> DNS so external hosts can find them.
> 3. How do I configure the router(cisco 4000) to allow only http
> traffic to the WWW server?
> [Bill Stackpole]  Use an extended access-list and only allow port 80
> traffic inbound to the DMZ
> 4. The WWW Server also has our mail server(Oracle InterOffice). If I
> put the WWW Server in
> the DMZ, what is the compromise on the security of the InterOffice
> database?
> [Bill Stackpole]  I'd move the mail service to another server.
> 
> Thanks & Regards,
> Giri
> 
> Giridhar Nayak,
> System Access Pte. Ltd. (http://www.systemaccess.com)
> Tel: 65. 3334533 	 Fax: 65. 3334133
> Email: giri @
 symbols .
 com .
 sg
> ===========================================
>     << Message: RE: How - WWWServer on internal LAN to be made
> accessible on the NET? >> 

Indexed By Date Previous: Re: Dial-out modem pool
From: fw-list @ dart . org
Next: RE: NAT Security / static mapping
From: "Stackpole, Bill" <BSTACKPO @ sla . com>
Indexed By Thread Previous: Re: Dial-out modem pool
From: D Cathro <david @ loka . co . nz>
Next: RE: NAT Security / static mapping
From: "Stackpole, Bill" <BSTACKPO @ sla . com>

Google
 
Search Internet Search www.greatcircle.com