Steps to Create a DMZ??



  • Hi all

    I have a block of 8 IP addresses (/29) and currently have a private and a public (opt) network. My router is a PC with 4 network cards, 3 in current operation, WAN, LAN and OPT.
    I would like to convert the (opt) public network to a private network (10.0 ..) but still offer services on the web.

    The idea is to have some kind of 'DMZ' area using the (10.0 .. ) IP range. This is to enable me to decouple the public IP/port addresses from any particular machine within the 'DMZ'. Hence I could run 3 services on each of my 5 public IPs and spread that load across 15 separate servers, each mapped to a particular public IP/port combination on the router/firewall. I would also like to set up test servers within the 'DMZ' network, enabling me to simply switch the port mapping to put them live.

    Some of these servers will be Virtual Servers but I'm not anticipating any prohibitive issues there??

    Obviously I'm not a network person but I have worked in I.T. for a number of years. I've had pfSense for about a year (although I've hardly touched it since setting it up) and am on my 2nd reading of the definitive guide.
    The book has given me a glimpse of lots of tools but I don't really know how to use them and particularly how to combine them. My head is full of the concepts: Virtual IPs? Bridging? Port forwarding? etc. etc.
    But I'm struggling to turn them into a practical solution and would rather not spend a week or more putting it all together.

    Can anyone please give me the high-level (design) steps I need to take and the order I need to implement them on pfSense. A pointer to a good article would also be fine. Any detail would be appreciated but I do have the book and can reread sections as needed.

    Any advice greatly appreciated

    Thanks in advance

    Charlie101

