Intel 9515 User Manual

DMZ Firewall Solution for the Express Router

07-12-99 Version 

1.0

6

This solution explains how to set up a DMZ solution when the Internet service provider (ISP) has
assigned a single IP address to your network.

Intel Express

Router

HTTP/FTP

(Web)
server

10.2.0.1

Mail
server
10.5.0.1

HTTP/FTP

proxy 
server

10.2.0.2

Secure LAN

10.5.0.0

LAN2 port

10.2.0.10

LAN1 port

10.5.0.10

Users

SMTP
server

10.2.0.3

News

 (proxy)

server

10.2.0.4

10.2.0.0

DMZ

News
server
10.5.0.2

Internet

DNS

server

194.25.6.4

News

(NNTP)

server

196.24.5.8

In the example, the DMZ network connects to the LAN2 port and is on the 10.2.0.0/16 subnet.
The LAN2 port has been assigned an IP address of 10.2.0.10. The secure private network
connects to the LAN1 port and is on the 10.5.0.0/16 subnet. The LAN1 port has been assigned an
IP address of 10.5.0.10.

The services available on the DMZ can be placed on a single server. If this is done, you

must configure NAT entries and filters accordingly.

Configure static routing as follows:

•

 

Configure static routing on the Internet connection, LAN1, and LAN2. This is done in
Advanced Setup by setting the Routing Protocol parameter to None/Static.

•

 

Define a static route on the WAN interface to the Internet. Use the default static route setting
(network address of 0.0.0.0 and netmask 0.0.0.0) as shown in the example below.

The devices on the DMZ have been assigned private IP addresses. You must set up NAT to
translate the private IP addresses on the DMZ to the external IP address assigned by the ISP. This
will map services (i.e. port numbers) on the external IP address to servers on the DMZ.