NS25 DMZ and Untrust within same subnet

[sunnycheung]

Dear all,

I have one NS25 at data center, I want to put the public Web server at DMZ and another private Web server at Trust

My question is, my Untrust and DMZ is in the same subnet, how can i specify which range of IPs is in DMZ

Seems I need transparent mode for it, but from the manual, transparent mode is for whole device, which include Trust Zone, I am hust confusing with these.

Any Ideas ?

Thx
Sunny Cheung

 

[nossah]

I would put the Trust and DMZ interfaces in NAT mode. I would then setup the Trust and DMZ interfaces with different private address schemes.

For example:
Trust - 192.168.1.X/24
DMZ - 192.168.2.X/24

Then you will need to add a MIP(Mapped IP) to the webserver in the DMZ and another MIP for the webserver in the Trust. You do that from the Untrust interface.

For example:
Mapped IP - 66.55.44.33 (enter your IP)
Subnet - 255.255.255.255
Host IP - 192.168.1.5 (DMZ Webserver)

Mapped IP - 66.55.44.34 (enter your IP)
Subnet - 255.255.255.255
Host IP - 192.168.2.5 (Trust Webserver)

If you want to use only Public IP's then put all interfaces in Route mode. You will need to specify a specific the DMZ and Trust interfaces IP addresses by the subnet. Here is a site that will help you with that.

http://www.telusplanet.net/public/sparkman/netcalc.htm