Net Install of Debian Server on DMZ

Reply to Net Install of Debian Server on DMZ on Wed, 29 Mar 2023 23:12:36 GMT

Digiguy — Wed, 29 Mar 2023 23:12:36 GMT

@steveits Thank you! Those rules work! Now will try to understand why... :)

So much to learn, so little time!

Reply to Net Install of Debian Server on DMZ on Wed, 29 Mar 2023 22:51:22 GMT

SteveITS — Wed, 29 Mar 2023 22:51:22 GMT

@digiguy maybe something like

allow DMZ Net to This Firewall port 53 tcp/udp
reject DMZ Net to This Firewall
reject DMZ Net to LAN Net
allow DMZ Net to any/*

Reply to Net Install of Debian Server on DMZ on Wed, 29 Mar 2023 22:39:09 GMT

Digiguy — Wed, 29 Mar 2023 22:39:09 GMT

I'm pretty sure the rule below is not acceptable or secure however I am able to go through the install. My goal is to get through the net install and not have my LAN at risk.

Reply to Net Install of Debian Server on DMZ on Wed, 29 Mar 2023 20:07:29 GMT

viragomann — Wed, 29 Mar 2023 20:07:29 GMT

@digiguy said in Net Install of Debian Server on DMZ:

So my question is what is a good secure DMZ rule set?

The examples in your link are neat anyway. What's are your doubts?
But you have to adapt the settings to fit your needs. We don't know these.

If you want the devices to request pfSense for say DNS and NTP you need to allow these protocols to the interface address only.