mailing list archives
Re: DMZ / Firewall rule diagramming
From: Michael Gale <michael.gale () bluesuperman com>
Date: Sun, 05 Dec 2004 19:26:16 -0700
Check out some firewall appliances ... most of them have some sort of
For example, I used the following:
Connections from Internal to the DMZ are allowed if they match one of
the forward rules on the firewall.
The forward rules only allow packets from source addresses to
destination addresses on specific ports which are ruled to be a business
For connections coming from the DMZ to the internal network which are
required for business (example: a Postfix SMTP server forwarding mail on
to Exchange), the DMZ server connects to a proxy or a NATing rule. The
DMZ server never knows the IP of an internal server; the DMZ network has
the same relationship with the internal network as the external network
does with the DMZ.
So the DMZ mail server would connect to port 25 on the firewall and that
traffic would get forwarded to the Exchange server.
That is the standard that I use ... was this what you were looking for?
Craig Humphrey wrote:
Can anyone point me at some resources on how to diagram firewall rules?
Every time I talk to another engineer, they want it in a different
format... It's driving me nuts! So I'm looking for something reasonably
standard that I can at least use internally, if not force on the
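The rule layout Michael describes (internal to DMZ only via explicit forward rules; DMZ to internal only through a NAT rule on the firewall's own DMZ-side address, so the DMZ host never learns the Exchange server's IP) rendered as an iptables-restore rule set. This is an added example, not code from the thread or from any particular appliance; the interface names, the 10.10.10.0/24 DMZ, the 192.168.1.0/24 internal net, the firewall address 10.10.10.1, the Postfix host 10.10.10.25 and the Exchange host 192.168.1.25 are all made up for the illustration. The rule tables at the top are the part one would actually diagram and hand to another engineer; the script just turns them into firewall syntax.

```shell
#!/bin/sh
# Added example (not from the original thread). Three-legged firewall, all
# addresses and interface names are assumptions for the illustration:
#   eth0 = external, eth1 = DMZ (10.10.10.0/24), eth2 = internal (192.168.1.0/24)
set -eu

EXT_IF=eth0; DMZ_IF=eth1; INT_IF=eth2
FW_DMZ_IP=10.10.10.1        # firewall's own address on the DMZ leg

# Forward rules (internal -> DMZ): one business-justified flow per line.
#   src  dst  proto  dport
INT_TO_DMZ_RULES='
192.168.1.0/24 10.10.10.25 tcp 25
192.168.1.50 10.10.10.80 tcp 443
'

# NAT rules (DMZ -> internal): the DMZ host talks to FW_DMZ_IP:fw_port and the
# firewall DNATs it onward; the internal address never appears in DMZ config.
#   dmz_src  fw_port  proto  internal_dst  internal_port
DMZ_TO_INT_NAT='
10.10.10.25 25 tcp 192.168.1.25 25
'

gen_rules() {
  # Emits iptables-restore syntax on stdout; nothing is applied here.
  printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
  echo "-A INPUT -i lo -j ACCEPT"
  echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

  # Internal -> DMZ: only the listed src/dst/port tuples may open a connection.
  echo "$INT_TO_DMZ_RULES" | while read -r src dst proto port; do
    [ -n "$src" ] || continue
    echo "-A FORWARD -i $INT_IF -o $DMZ_IF -s $src -d $dst -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done

  # DMZ -> internal: FORWARD sees the packet after DNAT, so it is matched on the
  # real internal destination; no other DMZ -> internal flow is accepted.
  echo "$DMZ_TO_INT_NAT" | while read -r src fwport proto idst iport; do
    [ -n "$src" ] || continue
    echo "-A FORWARD -i $DMZ_IF -o $INT_IF -s $src -d $idst -p $proto --dport $iport -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo "COMMIT"

  printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
  # The DMZ host connects to the firewall itself; PREROUTING rewrites the
  # destination to the internal server before routing and FORWARD filtering.
  echo "$DMZ_TO_INT_NAT" | while read -r src fwport proto idst iport; do
    [ -n "$src" ] || continue
    echo "-A PREROUTING -i $DMZ_IF -s $src -d $FW_DMZ_IP -p $proto --dport $fwport -j DNAT --to-destination $idst:$iport"
  done
  echo "COMMIT"
}

# Print the rule set by default; APPLY=1 loads it (requires root and iptables).
if [ "${APPLY:-0}" = 1 ]; then
  gen_rules | iptables-restore
else
  gen_rules
fi
```

The DNAT relies on the internal server routing its replies back through the firewall so conntrack can undo the translation; the internal host still sees the DMZ host's real source address, which is the direction Michael's design does not try to hide. Nothing in the DMZ host's configuration references 192.168.1.25, which is the property the post is after.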