Intel 9525 User Manual

DMZ Firewall Solution for the Express Router

07-12-99 Version 

1.0

3

This document explains how to configure a secure Internet solution using the second LAN
interface of the Intel



 Express router as a DMZ. The DMZ setup is explained through the use of

two example solutions, a Single IP Address Solution and Multiple IP Address.

It assumed that you have a solid understanding of networking concepts and experience in using
the Express Router.

[1] Intel Express Router User Guide

The user guide for your router explains in detail the basic configuration procedures used in
the set up of the DMZ.

[2] Brent Chapman, Elizabeth D. Zwicky, “ Building Internet Firewalls”, 1995 O’Reilly &

Associates. ISBN: 1-56592-124-0

For an Intel Express Router having two LAN ports, you can setup a DMZ (DeMilitarized Zone)
to increase security on your private network. A DMZ is a network off one of the LAN ports that
acts as a kind of buffer between the external (public Internet) network and your secure network
on the other LAN interface. The DMZ gives access to services required from both the external
network and the secure network. The services are typically HTTP/FTP (Web) servers for public
access, an HTTP/FTP proxy server, an SMTP server and a News (proxy) server. Mail servers and
News servers for internal use are placed on the secure network. Through the use of IP filters, you
prohibit access from the Internet to your secure network while still providing access to services
on the DMZ.

Intel Express

router

Demilitarized Zone

Internet

Http/FTP

(Web)
server

File
server

Http/FTP

proxy

server

Main LAN

IP filters on the router

 block unwanted traffic

destined to the main LAN

Internet users are allowed

to access your Web

and FTP servers

192.168.151.0

192.168.152.0

LAN2 port

LAN1 port

PC

PC

News
proxy
server

SMTP
server

Mail
server