Grøn, rødt og oransje nettverk bak Smoothwall?

[Haaland]

Hei!

 

Jeg har en gammel PC med Smoothwall som deler ADSL-linja mi ut på nettverket. Den har to nettverkskort, det ene konfigurert som grønt (til lokalnettverket), og det andre konfigurert som rødt (til ADSL).

 

Poenget er at bak denne, har jeg en server med Windows 2000 Server på, som jeg bruker som domene/fil-server for det lokale nettverket. På denne PC'en kunne jeg gjerne tenkt meg å kjøre en web-server, men hvordan skal jeg gjøre det? Må jeg ha et tredje nettverkskort i Smoothwall-maskinen, som kjører det oransje nettverket, eller er det bare en innstilling som må gjøres? Hvordan skal jeg da få tilgang til de filene som ligger på fil-server fra de andre PC'ene i lokalnettverket? Hva skjer hvis jeg kjører web-serveren på det grønne nettverket, og hvorfor blir ikke det anbefalt?

 

Ole Morten

[Akke]

Fra help -> port forwarding under services i smoothwall. Svarer deg på alle spørsmål så vidt jeg kunne se.

 

-----------------------------------------------------

SmoothWall is able to forward incoming connection requests to machines that are behind it, on either the DMZ (ORANGE) network or on the local (GREEN) network. Those behind a dialup link probably do not require this feature, although it is still available to them.

 

Securitywise, it is extremely risky to put your externally visible servers on your GREEN network because a cracker who manages to break into such a server will afterwards have access to your entire local network. It is therefore prudent to use an additional network (a DMZ or De-Militarized Zone on the ORANGE interface), just for the purpose of serving external requests.

 

Note that the port will not automatically be allowed through, unless the port is allowed by the rules setup in the External Access page. This enables the user to filter forwarded ports, just like other external connections.

 

When an Internet host connects to this port, the connection will be forwarded to a host behind SmoothWall. The connection can be directed to any IP address and port. For example: suppose you wish to run a webserver behind your SmoothWall. The webserver is on your DMZ, at IP address 192.168.2.60. You would forward from port 80, connecting again to port 80 on the 192.168.2.60.

 

Clients on the local network are able to make outgoing TCP connections to hosts on the ORANGE network, but not the other way around. They are unable to partake in any UDP traffic whatsoever. This will still enable hosts on GREEN to contact web and mail servers on ORANGE without difficulty. To enable hosts on the ORANGE network to make restricted connections to hosts on GREEN, use the DMZ pinhole feature.