15.1 Legacy Series / Re: DMZ setup
« on: May 17, 2015, 11:19:02 pm »
Thanks Chol,
yes the box/board is not the latest and greatest but will probably work fine for me here as I don't have many users or much traffic. It's also low power and quiet :-)
In my main office I have a DL360G5 to play with..... noisy little beast and probably overkill for the job but will be perfectly adequate again.
I have a server that runs my mail, some simple web stuff plus local file storage. In the past I have set it on a DMZ for the external services, but in reality this is probably not the best thing to do for security.
I think the 1to1 mapping is probably what I am looking at as a direct replacement - all external inbound traffic forwarded to one IP address. However as I want the OPNsense box to run my VPNs I note that it says:
"If you add a 1:1 NAT entry for any of the interface IPs on this system, it will make this system inaccessible on that IP address. i.e. if you use your WAN IP address, any services on this system (IPsec, OpenVPN server, etc.) using the WAN IP address will no longer function."
So in my case I may be better to use port forwarding for just the ports the server requires for external access.
I'll go have a play :-)
B. Rgds
John