This shows you the differences between two versions of the page.
network:dmz [2010/11/03 11:39] tibor created |
network:dmz [2010/11/15 13:59] (current) mats |
||
---|---|---|---|
Line 3: | Line 3: | ||
A DMZ (demilitarised zone) is a "neutral zone" between a private network (LAN) and the outside public network (Internet). You are recommended to put your externally accessible servers (e.g. web servers) on a DMZ, to isolate them from your LAN in case they get attacked. | A DMZ (demilitarised zone) is a "neutral zone" between a private network (LAN) and the outside public network (Internet). You are recommended to put your externally accessible servers (e.g. web servers) on a DMZ, to isolate them from your LAN in case they get attacked. | ||
- | Machines on the DMZ are protected from the Internet by the firewall, using the same firewall rules as other interfaces. There is no protection / restriction of outgoing traffic, though. | + | {{:network:dmz1.jpg}} |
+ | |||
+ | Machines on the DMZ are protected from the Internet by the firewall, using the same firewall rules as other interfaces. There is no protection / restriction of outgoing traffic, though. PC-s on the DMZ have local IP addresses, but on a different subnet than LAN. | ||
Machines on your LAN (and all interfaces set as “used as: inside") can access machines on the DMZ. **But machines on the DMZ cannot access your LAN!** Thus even if they get attacked, your LAN is still secure. | Machines on your LAN (and all interfaces set as “used as: inside") can access machines on the DMZ. **But machines on the DMZ cannot access your LAN!** Thus even if they get attacked, your LAN is still secure. | ||
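Review bot: The added sentence "PC-s on the DMZ have local IP addresses, but on a different subnet than LAN" is ambiguous about what "local" means and uses "PC-s" where the rest of the page says "machines". If private addresses are what is meant, something like "Machines on the DMZ have private IP addresses, on a different subnet from the LAN" would match the surrounding wording. The sentence before it still says there is "no protection / restriction of outgoing traffic", while the next paragraph says DMZ machines cannot access the LAN, so it would help to say which direction "outgoing" covers. The new image `{{:network:dmz1.jpg}}` has no caption or title text saying what the diagram shows.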
Line 9: | Line 11: | ||
You select DMZ for a subnet on the [[:web GUI:Network page]]. | You select DMZ for a subnet on the [[:web GUI:Network page]]. | ||
+ | Read more: [[wp>Demilitarized_zone_(computing)|DMZ]] |
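Review bot: The new "Read more" line labels its link only "DMZ", so the reader cannot tell that `wp>` takes them off this wiki to Wikipedia. A label such as "Demilitarized zone (computing) on Wikipedia" would make the destination clear.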