This tutorial explains how to set up a DMZ for a web server. Web servers listen on TCP port 80. The following details the procedure to set up a DMZ with a web server. Assign the LAN the network address 192.168.1.0/24 and the DMZ the network address 192.168.2.0/24. Configure the E1 IP address as 192.168.1.1/24 and E0 as 192.168.2.1/24. Configure the web server address as 192.168.2.2. Configure static NAT on the router, mapping the public IP address of the server to the internal server address of 192.168.2.2.
Follow these steps to restrict access to the server on the DMZ from the outside network:
1. Configure an ACL entry that allows all traffic from the 192.168.1.0/24 network to the 192.168.2.0/24 network.
2. Configure an ACL entry that allows only TCP traffic to port 80 from any network to the IP address of the server, which is 192.168.2.2.
3. Deny all other traffic.
4. Combine the above three rules into a single ACL with a specified number.
5. Apply the ACL as outbound on the E0 interface.
The above ACL configuration ensures that the LAN network has complete access to the DMZ network, and that for all other networks only TCP traffic to port 80, which is the HTTP server service, is allowed.
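The three rules above can be checked before they go onto the router by modelling them as an ordered, first-match list. The following is an added example, not taken from the book: the names `Rule`, `DMZ_ACL` and `evaluate` are hypothetical, the sample packets are constructed, and 203.0.113.7 stands in for an arbitrary outside host.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol, otherwise "tcp", "udp", ...
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    dport: Optional[int] = None   # destination port; None matches any port

# Steps 1-3 in order, held in one ACL (step 4) that is applied outbound on E0 (step 5).
DMZ_ACL = [
    Rule("permit", "ip", "192.168.1.0/24", "192.168.2.0/24"),   # LAN -> DMZ, everything
    Rule("permit", "tcp", "0.0.0.0/0", "192.168.2.2/32", 80),   # any -> web server, TCP/80
    Rule("deny", "ip", "0.0.0.0/0", "0.0.0.0/0"),               # all other traffic
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, rule_number) for the first rule that matches the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, rule in enumerate(acl, start=1):
        if rule.proto != "ip" and rule.proto != proto:
            continue
        if s not in ipaddress.ip_network(rule.src):
            continue
        if d not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, number
    return "deny", 0   # nothing matched: treat as denied

# Constructed sample packets: (protocol, source, destination, destination port).
SAMPLES = [
    ("tcp", "192.168.1.10", "192.168.2.2", 22),   # LAN host to DMZ server, SSH
    ("tcp", "203.0.113.7", "192.168.2.2", 80),    # outside host to web server, HTTP
    ("tcp", "203.0.113.7", "192.168.2.2", 22),    # outside host to web server, SSH
    ("udp", "203.0.113.7", "192.168.2.2", 80),    # outside host, UDP to port 80
    ("tcp", "203.0.113.7", "192.168.2.3", 80),    # outside host to another DMZ address
]

if __name__ == "__main__":
    for packet in SAMPLES:
        print(packet, "->", evaluate(DMZ_ACL, *packet))
```

Because evaluation stops at the first match, the order of the entries matters: moving the deny entry to the top would block the LAN and HTTP traffic the first two entries are meant to allow.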
This is sample content from the book DMZ NETWORK DESIGN.