Internet Related/Filtering/Firewall Thread, How Do I Test A 'DMZ' Firewall ?. in Technical; I have just built a new 'Smoothwall box' with a DMZ for my home network and NAS http://www.edugeek.net/forums/nix/97...tml#post854030 .
13th July 2012, 11:14 PM #1
How Do I Test A 'DMZ' Firewall ?.
I have just built a new 'Smoothwall box' with a DMZ for my home network and NAS Home NAS With Raid1.
I have a set of private IP address's and have my router set up for 'non nating' this feeds the smoothie box, a 'green' out for my home network, 'purple' for 'wifi' and 'orange' for DMZ
Any advice please, I need some advice on testing the DMZ and any setting up for a secure connection as I have not used one before.
14th July 2012, 08:55 AM #2
Secure connection from what to what?
What's in the DMZ?
If your not using NAT, are you just using the smoothwall for proxying?
Do you have a static public external IP?
not sure what all the colours are about
14th July 2012, 11:21 AM #3
Colours are basically just as easy way to remember what each interface is for. Red = bad = WAN. Green = good = LAN...
To test just go to your PC in the DMZ and try to access your LAN. Unless you have specified a rule allowing access on a certain port/IP you should not be able to get to anything on your LAN.
I've used Smoothwall at home for years. Unless you have been a complete tool there is little to worry about, smoothwall is pretty foul proof in it's basic setup.
Don't know what you mean by a secure connection though. Do you mean what ports do you open to access your DMZ from your LAN and visa versa? Well that depends on what services you are running. Heres a list of default ports, you will probably want SMB for windows shares and http/https for www
Last edited by j17sparky; 14th July 2012 at 11:24 AM.
14th July 2012, 09:09 PM #4
Thanks for your help.
Re..."Secure connection from what to what?" The main aim is to have an automatic backup system for my daughters laptop when she goes to uni in September (see link in first post), so it will be a ssh connection over the internet from her laptop via my static IP address via smoothwall DMZ to the backup server.
This is all Linux set up .
On smoothwall box is installed as 'half open', I'm not sure about the DMZ will it block everything until I open one port for my ssh connection ?.
Instead of using port 22 for ssh I was going to use a higher number (thanks for list link), now if I pick a higher number must it be one that no one else use's ?.
Is it a good idea just to use the backup server in the DMZ just for the sole purpose of holding my daughters laptop backup or can I use it as you say with a port open from my Lan so I can store backups off our home computers ?, or will that be a security problem.?
14th July 2012, 09:34 PM #5
- Rep Power
I'd just stick a Linux box on the LAN side, move SSH to a port like 2233 and NAT it. So long as the SSH password is strong, you shouldn't even have a problem on default port 22, but I like to move it just in case.
15th July 2012, 09:23 AM #6
Do you have a static IP?
I always move SSH of port 22 for machines on the internet, best achived with port translation on the firewall.
What are you going to use for the actual backup? You need something that does not do a full backup but versioning of some sort.
15th July 2012, 11:23 PM #7
re, "Do you have a static IP?" Yes see post 1 and 4 above !.
re, "What are you going to use for the actual backup?" luckyBackup - backup and sync utility which is the GUI for 'rsync'
By ninjabeaver in forum General Chat
Last Post: 28th July 2013, 11:03 PM
Last Post: 28th February 2012, 02:52 PM
By bandgeekmafia78 in forum Windows Server 2008
Last Post: 28th November 2011, 11:11 AM
By ChrisH in forum General Chat
Last Post: 5th July 2005, 01:31 PM
By Dos_Box in forum General EduGeek News/Announcements
Last Post: 20th June 2005, 11:32 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)