Koozali.org: home of the SME Server

Multiple servers in DMZ

alan

Multiple servers in DMZ
« on: June 22, 2005, 01:23:00 PM »
I would like to set up a second server in my DMZ, but the router I am using (Netgear DG834) only allows one IP to be used for a DMZ. Is this standard, i.e. do I use the IP address for my DMZ as an address for a second router and add other servers to this router, or is there a cheap router I can replace my Netgear with to allow me to add another server to my DMZ?

The second router seems like a sensible option, but as this is the first time I've tried to do this I thought it best to see if anyone else had any ideas first. :-o

electroman00

Multiple servers in DMZ
« Reply #1 on: June 22, 2005, 06:16:23 PM »
I might suggest taking a look at Smoothwall or IPCop as a firewall solution.

Excellent support on both forums.

www.smoothwall.org
www.ipcop.org

I might add that IPCop is a fork of the Smoothwall project.

2 or more network cards, the ISO, an old PC, 30 mins, and you're good to go.

A typical setup looks like this
http://awphuch2000.dyndns.org:1079/smoothwall/images/network.diagrams/red-green-orange.jpg

and other setups

http://community.smoothwall.org/forum/viewtopic.php?t=10709&highlight=network+diagrams

cc_skavenger

Multiple servers in DMZ
« Reply #2 on: June 22, 2005, 08:50:27 PM »
There are some cheap routers that do bridging like you want. CompUSA brand routers do it, as well as SMC Barricades.

http://www.compusa.com/products/product_info.asp?product_code=313831&pfp=BROWSE


HTH

Boris

Multiple servers in DMZ
« Reply #3 on: June 22, 2005, 09:04:37 PM »
Alan,
The DMZ definition in residential routers is misleading. It is not a "protected subnet with limited access", but instead it is a "wide open host with no restriction".

If you use a single public IP address for your Internet connection, you can only forward/map one port (or range) from public to private host for each service. Any SOHO router (including your Netgear) will do it. Just forget its DMZ option (don't use it) and forward your HTTP (80) port to your internal web server, e-mail SMTP (25) to your mail server (could be the same as the first one), etc. If your services are on different servers, then forward the appropriate ports to the corresponding servers.
...
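
Added example, not part of any post in this thread: a short Python check of the constraint described in the reply above, that on a single public IP each public port (or range) can be forwarded to only one internal host, together with a count of how many ports per-service forwarding exposes compared with a consumer-router "DMZ host". The `Forward` type, the function names and the 192.168.0.x addresses are assumptions made for illustration.

```python
"""Validate a port-forwarding plan for one public IP (illustrative, added example)."""
from typing import NamedTuple


class Forward(NamedTuple):
    proto: str   # "tcp" or "udp"
    first: int   # first public port of the range
    last: int    # last public port (same as first for a single port)
    host: str    # internal (private) server that receives the traffic


def find_conflicts(plan):
    """Return pairs of rules claiming the same public proto/port for different hosts."""
    conflicts = []
    for i, a in enumerate(plan):
        for b in plan[i + 1:]:
            overlap = a.proto == b.proto and a.first <= b.last and b.first <= a.last
            if overlap and a.host != b.host:
                conflicts.append((a, b))
    return conflicts


def exposed_ports(plan, host):
    """Count distinct public (proto, port) pairs that reach `host` under the plan."""
    return len({(f.proto, p) for f in plan if f.host == host
                for p in range(f.first, f.last + 1)})


def dmz_host_exposure():
    """Ports reaching a router 'DMZ host': every TCP and UDP port 1-65535.
    Assumes no other forwarding rule takes precedence over the DMZ setting."""
    return 2 * 65535


# Constructed sample plan; the private addresses are made up.
PLAN = [
    Forward("tcp", 80, 80, "192.168.0.10"),  # HTTP -> web server
    Forward("tcp", 25, 25, "192.168.0.11"),  # SMTP -> mail server
]
# A second web server cannot also claim public port 80 on the same public IP.
BAD_PLAN = PLAN + [Forward("tcp", 80, 80, "192.168.0.12")]

if __name__ == "__main__":
    for a, b in find_conflicts(BAD_PLAN):
        print(f"conflict: {a.proto}/{a.first}-{a.last} -> {a.host} vs {b.host}")
    print("web server exposure:", exposed_ports(PLAN, "192.168.0.10"), "port(s)")
    print("DMZ-host exposure:", dmz_host_exposure(), "ports")
```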

stiperstones

Multiple servers in DMZ
« Reply #4 on: June 22, 2005, 10:36:53 PM »
Alan
What I have done for some companies I have installed a network for is route through IPCop and put the Netgear into modem mode.
IPCop contains three Ethernet cards:
Green (which is the protected LAN)
Orange (which is your DMZ zone; each machine contains a static IP; you will need a DNS server in this zone to steer which box is used for each service)
Red (which is the WAN side of your network, i.e. open to the Internet)
 

My preferred method is to use an SME box to do all the work; less setup costs for the small customers.
Stiperstones

http://wiki.contribs.org/Koozali_Foundation
Try the Wiki, some great how-tos there

"My Licence".........

Don't report security issues here - Contact security at contribs dot org
Don't report problems here - Please report bugs @ http://bugs.contribs.org/
Don't ask the same question twice - Please search the forums, your question may have been asked before - Thank You.