Topic: Establish DMZ

[Joel Thompson]

Hello all,

I use my SME server (v.5.5) to share internet connection through my LAN and as e-mail server, webserver, and so on.

I need to establish a DMZ to my laptop. (known as w3.univi.com) So it throughputs all ports. My laptop only connects directly to the server and recieves a dynamic IP address.

Can anyone please help me with this? I do not know how to do it. Im pretty new to the Linux system, so I don't know a lot.

Regards,

Joel Thompson,
Norrkoping, Sweden.

[Boris]

DMZ is used for the public servers that need to be isolated from the rest of the protected network.
What kind of servers you planning to run on this laptop?
You may achieve the same result by forwarding few necessary ports to your laptop. You may get better help here if you specify more details on what you are trying to do.

[Doug M.]

I must echo, bad idea. Port forward the few ports you need. I you are insistant though http://www.tldp.org/HOWTO/Bridge+Firewall+DSL.html might be what your looking for.

[SloopJohnB]

My basic understanding of the web-interface makes me think of two possibilities: 1)setup hostname pointing the w3.xxx.com to the mac address (ethernet address) or 2) port forward the the needed ports to the ip address and set your laptop up with a static IP outside the DHCP range. I agree that port forwarding is the better solution so your laptop doesn't get hit with attacks from naughty hackers!
SloopJohnB

PS. If the first suggestion, please chime-in and let me know...SJB

[Joel Thompson]

Oh, I need the DMZ for my SIP telephone. I need the laptop to have the possibility to send and recieve data through ports i do not know. These software programs uses so many different ports. I would have no chance of knowing them all. In addition to the 10000-10004 and 5060, all different softwares uses their own software specific ports. (Possibly, i will connect a TA device to handle the SIP.)

This is why i think that i can not only foreward a few ports.

In my server manager, i have some "port opening" blade installed. I does not foreward port to a single computer, as far as i know. Maybe port forwarding is better?

[Joel Thompson]

I have looked at this howto, but it does not talk to me so i completly understand it.

[Boris]

If port forwarding (not port opening) doesn't fit your needs, you may be better of with one of the unexpensive routers/gateways for this. You can assign your laptop to be in the virtual DMZ and frward a few ports for web, e-mail, ssh etc. to you SME server. You will need to change it(SME) to server only mode and hide it behind this new router/firewall. In the US routers of this type can be purchased for $30-40 dollars and may save you a lot of time.