  1. Senior Member
    Join Date
    Jul 2009
    Location
    NC
    Posts
    131

    Certifications
    B.S. in Engineering, 10 Years in I.T., Working on CCNA--Need to find the $$ for the exam, lol
    #1

    "DMZ" on 2600 Router..

    What's the best way to go about basically creating a "DMZ" host on a 2600 or 1700 series?

    On the internal network I'll have one computer that's a webserver, one that's FTP, a bunch (10-20) of regular internet users who just need typical NAT, then they're wanting one IP address to have all other traffic directed to it..basically like the DMZ port is on one of those cheap-o routers.

    I can't figure out the best way to do this.. I thought about adding another WIC-1ENET and trying to route traffic to it that way but wasn't really sure how to really go about it. The other option is of course to just keep the 2 Ethernet ports that are there now and somehow route all unknown traffic to the particular IP address that is considered the DMZ host, then of course set up a DHCP reservation for that PC to always get the IP address that's designated for all that traffic.

    Any ideas on how this would actually work? I'm sure the port range command in extended access lists would be part of it but not sure of all the details..

  3. Senior Member hypnotoad's Avatar
    Join Date
    Dec 2007
    Posts
    915

    Certifications
    BS&MS-CompSci, CCNA, CCNP, Hyper-V, CCAI
    #2
    Lacking another ethernet interface, perhaps you could put the DMZ servers in their own VLAN and then set ACLs to only allow the services you want.

  4. Senior Member
    Join Date
    Jul 2009
    Location
    NC
    Posts
    131

    Certifications
    B.S. in Engineering, 10 Years in I.T., Working on CCNA--Need to find the $$ for the exam, lol
    #3
    Originally Posted by hypnotoad:
    "Lacking another ethernet interface, perhaps you could put the DMZ servers in their own VLAN and then set ACLs to only allow the services you want."
    Yeah, that's more or less how I was going to do it for known services. For some reason he wanted all "unknown" traffic to go to a particular IP address as well, like the DMZ port does on other cheapo routers. Ah well, the client decided not to go forward with a new router so project is off for now anyways.