[ale] Proper way to setup DMZ LAN

Scott Castaline skotchman at gmail.com
Sat Mar 25 16:40:13 EDT 2017


So I would put the DMZ on the front or first LAN and then everything 
else on the back or second LAN? And also the DMZ is a single device and 
not the LAN itself? What if I have multiple DMZs on the first LAN can I 
do that?


On 03/25/2017 12:30 AM, Alex Carver wrote:
> On 2017-03-24 21:05, Scott Castaline wrote:
>> Okay I've had the cable pulled in my house I was able to unbrick an
>> older ASUS router which is running ASUSWRT-Merlin which has the radios
>> shutoff for the access part of it. Many years ago I remember setting up
>> several dual LANs, the first LAN was unsecured and all of the web facing
>> gear was on that. Then a second router with LAN to LAN interfaces which
>> connected to LAN 1 and LAN 2 was off of this router and was a secured
>> network. I thought this what a DMZ was, but on google searching DMZ
>> structure I'm finding that the DMZ is a single server by itself. The
>> other thing that I'm finding is that the secured LAN is on LAN 1 and the
>> DMZ is on LAN 2. That doesn't make sense to me.
>>
>> Can anyone enlighten me with what would be the correct way of doing this?
>>
>>
> You can make up a DMZ using a three port router or you can daisy chain
> two routers with the link between them being the DMZ.  Your LAN would
> hang off the back router farthest from the WAN.
>
> Either way you're just setting up a bunch of packet filter and routing
> rules.  The advantage of the dual router approach is that it would
> theoretically be harder to break into your LAN because two routers would
> need to be compromised.
>
> A single router approach needs a router that can handle all traffic.
> The dual router approach only needs enough horsepower on the front
> router to handle the traffic.  The back router, in theory, sees less
> traffic.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-- 
Sent to you and NSA, CIA, FBI, SS, DHS and GOD only knows who the hell else...



More information about the Ale mailing list