DMZ with SME and IpCop minihowto

Marcos Migliorini

DMZ with SME and IpCop minihowto

« on: May 15, 2003, 12:16:37 AM »

I am running SME server for about 2 years, (at this moment 5.6 U4 ver.) for FTP, HTTP, and mail server in a "server ang gateway" conf. Reading the security forums I found many advices about to install a DMZ configuration to improve the security of the internal (green) lan. I also found in this forum comments about to use IpCop or Smoothwall to perform a DMZ. I was searching this forum and the internet looking for a minihowto to perform a DMZ conf. with IpCop and SME, and I didn't found a really usefull info. I will appreciate if somebody could help me.
I think this info will be very usefull for many members of this forum.

Thanks in advance

Logged

Michael Smith

Re: DMZ with SME and IpCop minihowto

« Reply #1 on: May 15, 2003, 10:17:00 AM »

So you'll be putting this new firewall outside your current SME firewall or inside?

Logged

Norrie

Re: DMZ with SME and IpCop minihowto

« Reply #2 on: May 15, 2003, 01:51:06 PM »

> So you'll be putting this new firewall outside your current SME firewall or inside?
Inside (DMZ)

I think there is a a Howto but I can't find it. This might help meantime...

http://ipcop.no-ip.com/ipcsupport/modules.php?op=modload&name=XForum&file=forumdisplay&fid=8

http://marc.theaimsgroup.com/?l=ipcop-user&w=2&r=1&s=e-smith&q=b

N.

Logged

Marcos Migliorini

Re: DMZ with SME and IpCop minihowto

« Reply #3 on: May 15, 2003, 09:08:53 PM »

Thank you Michael and Norrie for your respond and links. Regarding the firewall stuff I have read on the internet, the ideal configuration is to use a firewall in a separate box between the internet conection and the DMZ, and another firewall box between the DMZ and the internal LAN. Also all the servers conected to internet should not be installed in the same firewall box. This is because in case the web server or ftp server etc was hacked this will not compromise the firewall and the LAN security.
First of all let me say that I love the SME server; this wonderfull piece of software reach all may networking requirements. The big advantage of having all the solutions in one box is wonderfull for home or small office use, but when you need to increase the security of the LAN, all in one box not sounds like a good idea, so I am traying to find a solution of this configuration with IpCop (or smoothwall) and e-smith.

Marcos

Logged