Firewall Wizards mailing list archives

Transparent DMZ
From: "Lord Sporkton" <lordsporkton () gmail com>
Date: Fri, 5 Dec 2008 15:40:37 -0800

I am trying to use a Cisco 2621 router as a firewall. It should have
an outside, inside and DMZ, and the DMZ should be able to use public IPs
on the machines behind it. If anyone is familiar with SonicWALLs, it is just
like a SonicWALL transparent DMZ.

Currently what I have done is made my 3 interfaces, set IPs on the
outside and inside, then bridged the outside and DMZ interfaces with IRB
bridging. The inside interface works fine; however, the DMZ does not
seem to be able to pass traffic (at one point in time while I was
configuring this it did work, I just can't pinpoint when).
38.102.248.179 is my DMZ host, and it cannot get out to the internet
or receive connections.

thank you

!
bridge irb
!
!
!
interface FastEthernet0/0
 description outside
 ip address 38.102.248.178 255.255.255.248
 ip access-group outside_access_in in
 ip nat outside
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1
 description inside/dmz
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description inside
 encapsulation dot1Q 10
 ip address 172.21.16.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.11
 description dmz
 encapsulation dot1Q 11
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 no ip address
!
ip nat inside source list nat interface FastEthernet0/0 overload
!
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 38.102.248.177
!
ip access-list standard nat
 permit 172.21.16.0 0.0.0.255
!
ip access-list extended outside_access_in
 permit tcp any any established
 permit icmp any any
 permit tcp any host 38.102.248.179
 permit tcp any host 38.102.248.178 eq www
 permit tcp any host 38.102.248.178 eq 4125
 permit tcp any host 38.102.248.178 eq 5900
 permit tcp any host 38.102.248.178 eq 443
 permit tcp any host 38.102.248.178 eq 444
 permit tcp 208.65.144.0 0.0.7.255 host 38.102.248.178 eq smtp
 permit tcp 208.81.64.0 0.0.3.255 host 38.102.248.178 eq smtp
 permit udp any eq domain any
 permit tcp any eq domain any
!
!

-- 
-Lawrence
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
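Added example (not the poster's configuration and not a reply from the list): the same three-interface layout written the way IOS IRB expects it, with the router's public address, the NAT outside role and the inbound ACL on the BVI rather than on the bridge-group member interface. It keeps the addressing from the post (38.102.248.176/29 outside with .177 as the upstream gateway, .178 for the router and .179 for the DMZ host; 172.21.16.0/24 inside). The differences from the posted configuration are: `bridge 1 protocol ieee` and `bridge 1 route ip` are present, FastEthernet0/0 carries no IP address, BVI1 carries the address, `ip nat outside` and the ACL, NAT overloads on BVI1, and the two source-port-53 ACL lines are narrowed. Applying the ACL on both the member interface and the BVI so that the bridged (DMZ) path and the routed (NAT) path are each filtered is an assumption made here, as is the use of `remark` lines for commentary.

```cisco
! Added example, not the configuration from the post.
! Assumes the same addresses as the post: 38.102.248.176/29 outside,
! .177 upstream gateway, .178 router, .179 DMZ host, 172.21.16.0/24 inside.
!
bridge irb
! A bridge group has to exist before interfaces can join it.
bridge 1 protocol ieee
! Without "route ip", group 1 only bridges IP and the BVI never routes it.
bridge 1 route ip
!
interface FastEthernet0/0
 description outside (bridge-group member, no L3 address here)
 no ip address
 ! Filters the bridged path, internet <-> DMZ host; the same ACL is also
 ! applied on BVI1 below for the routed path (assumption: both are needed).
 ip access-group outside_access_in in
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1
 description inside/dmz trunk
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description inside
 encapsulation dot1Q 10
 ip address 172.21.16.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.11
 description dmz (bridge-group member)
 encapsulation dot1Q 11
 bridge-group 1
 bridge-group 1 spanning-disabled
!
! The BVI is the L3 endpoint for everything routed in or out of group 1,
! so the public address, NAT outside role and inbound ACL live here.
! The DMZ host is on the outside L2 segment and uses .177 as its gateway.
interface BVI1
 description outside L3 / NAT
 ip address 38.102.248.178 255.255.255.248
 ip access-group outside_access_in in
 ip nat outside
!
ip nat inside source list nat interface BVI1 overload
ip route 0.0.0.0 0.0.0.0 38.102.248.177
!
ip access-list standard nat
 permit 172.21.16.0 0.0.0.255
!
ip access-list extended outside_access_in
 permit tcp any any established
 permit icmp any any
 permit tcp any host 38.102.248.179
 permit tcp any host 38.102.248.178 eq www
 permit tcp any host 38.102.248.178 eq 4125
 permit tcp any host 38.102.248.178 eq 5900
 permit tcp any host 38.102.248.178 eq 443
 permit tcp any host 38.102.248.178 eq 444
 permit tcp 208.65.144.0 0.0.7.255 host 38.102.248.178 eq smtp
 permit tcp 208.81.64.0 0.0.3.255 host 38.102.248.178 eq smtp
 remark UDP DNS replies for the NAT pool: limited to the router's global
 remark address and ephemeral ports. "permit udp any eq domain any" would
 remark admit any packet sourced from UDP/53 to any host, the DMZ included.
 permit udp any eq domain host 38.102.248.178 gt 1023
 remark TCP DNS replies already match the "established" line above, so no
 remark source-port-53 TCP rule is needed.
 deny ip any any log
!
```

Two checks worth running once this is in place: `show bridge 1` should list both FastEthernet0/0 and FastEthernet0/1.11 as forwarding members and learn the DMZ host's MAC, and `show ip interface brief` should show BVI1 up with the .178 address while FastEthernet0/0 has none. The ACL change is the one security-relevant edit: with the original `permit udp any eq domain any` in front of the implicit deny, anything on the internet could reach any UDP port on the DMZ host by sourcing from port 53.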

