Developers Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


DMZ Firewall

The DMZ solution is used to protect a separate network of public IP addresses. Typically, a third network card is used exclusively for the DMZ network.

  • If you are configuring a few extra public IPs (not a whole network), then go to the 1 to 1 NAT section of the User Guide.
  • If you are configuring a separate private network (192.168.x.x or 10.x.x.x), then investigate Hot LANs in the IP Settings section of the User Guide.

Installation

If your system does not have this app available, you can install it via the Marketplace.

You can find this feature in the menu system at the following location:

Network|Firewall|DMZ

Configuration

Network Configuration

Before you can use the DMZ firewall configuration, you need to configure one of your network cards with the DMZ role. In our example, we used the network settings tool to configure a third network card (eth2) with the following:

  • Role: DMZ
  • IP Address: 216.138.245.17
  • Netmask: 255.255.255.240
  • Network: 216.138.245.16/28

All the systems connected to this third network card can then be configured with an IP address in the 216.138.245.18 to 216.138.245.30 range.

Incoming Connections

By default, all inbound connections from the Internet to systems on the DMZ are blocked (with the exception of the ping protocol). You can permit connections to systems on the DMZ by allowing:

  • all ports and protocols to a single public IP
  • all ports and protocols to the whole network of public IPs
  • a specific port and protocol to a single public IP

Pinhole Connections (DMZ-to-LAN)

content/en_us/6_dmz_firewall.txt · Last modified: 2015/03/02 15:14 (external edit)

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3A6_dmz_firewall&1710827777