Net Install of Debian Server on DMZ
-
I set up my DMZ interface and attempted to do a net install of a Debian webserver, only to figure out I need FW rules. So, looking into several Dr Google recommendations/suggestions or guides, I attempted over and over. I even attempted to set up rules via Basic Firewall Configuration Example, which was very confusing to me. Most often the time server stuff would not resolve or the package manager could not connect to the mirror. I was able to set up one rule allowing DMZ.net to any, basically. This allowed me to complete an install of Debian successfully, but I am pretty sure it's not a good set of rules.
So my question is what is a good secure DMZ rule set?
-
@digiguy said in Net Install of Debian Server on DMZ:
So my question is what is a good secure DMZ rule set?
The examples in your link are neat anyway. What are your doubts?
But you have to adapt the settings to fit your needs. We don't know these. If you want the devices to request pfSense for, say, DNS and NTP, you need to allow these protocols to the interface address only.
-
I'm pretty sure the rule below is not acceptable or secure; however, I am able to go through the install. My goal is to get through the net install and not have my LAN at risk.
-
@digiguy maybe something like
allow DMZ Net to This Firewall port 53 tcp/udp
reject DMZ Net to This Firewall
reject DMZ Net to LAN Net
allow DMZ Net to any/*
-
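Added illustration, not part of any post in this thread: pfSense evaluates the rules on an interface top-down and the first match decides, which is why the order of the four suggested rules matters. The Python sketch below models that evaluation for the suggested rule set and for the single allow-all rule; every address in it is a constructed assumption, and `evaluate` and `compare` are hypothetical helper names.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not taken from the thread)
DMZ_NET = ip.ip_network("192.168.2.0/24")
LAN_NET = ip.ip_network("192.168.1.0/24")
ANY = ip.ip_network("0.0.0.0/0")
# "This Firewall" covers every address the firewall itself holds
THIS_FIREWALL = [ip.ip_network("192.168.1.1/32"), ip.ip_network("192.168.2.1/32")]

# (action, source net, destination nets, protocols or None=any, port or None=any)
SUGGESTED = [
    ("allow",  DMZ_NET, THIS_FIREWALL, {"tcp", "udp"}, 53),
    ("reject", DMZ_NET, THIS_FIREWALL, None, None),
    ("reject", DMZ_NET, [LAN_NET],     None, None),
    ("allow",  DMZ_NET, [ANY],         None, None),
]
ALLOW_ALL = [("allow", DMZ_NET, [ANY], None, None)]

def evaluate(rules, src, dst, proto, port):
    """Return the action of the first matching rule; unmatched traffic is blocked."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_nets, protos, rule_port in rules:
        if src not in src_net or not any(dst in net for net in dst_nets):
            continue
        if protos is not None and proto not in protos:
            continue
        if rule_port is not None and port != rule_port:
            continue
        return action
    return "block"

# Constructed sample flows from a DMZ host (203.0.113.0/24 is a documentation range)
SAMPLES = [
    ("DNS to firewall",        "192.168.2.1",  "udp", 53),
    ("NTP to firewall",        "192.168.2.1",  "udp", 123),
    ("web GUI on DMZ address", "192.168.2.1",  "tcp", 443),
    ("web GUI on LAN address", "192.168.1.1",  "tcp", 443),
    ("SSH to LAN host",        "192.168.1.50", "tcp", 22),
    ("HTTP to package mirror", "203.0.113.10", "tcp", 80),
]

def compare(src="192.168.2.10"):
    """Return (label, suggested verdict, allow-all verdict) for each sample flow."""
    return [(label, evaluate(SUGGESTED, src, dst, proto, port),
             evaluate(ALLOW_ALL, src, dst, proto, port))
            for label, dst, proto, port in SAMPLES]

if __name__ == "__main__":
    for label, suggested, allow_all in compare():
        print(f"{label:24} suggested={suggested:7} allow-all={allow_all}")
```

Under the suggested order only DNS reaches the firewall, so a DMZ host that should use the firewall for NTP needs its own allow rule placed above the reject.
-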
@steveits Thank you! Those rules work! Now will try to understand why... :)
So much to learn, so little time!