How to create a DMZ for web server?

What are the practical steps needed to place a web server in a DMZ? Currently our web servers are using SNAT with the ports forwarded which I do not think is very safe.


  • edited July 22

    A DMZ is just a separation from your trusted LAN.
    Set up an Optional interface and move your server there - it will be a DMZ.
    You will still need SNATs to allow access to the server from the Internet, wherever it is.
    Why do you fell that the SNAT access is not secure?

    Best practice for a DMZ is that devices on trusted can access devices in a DMZ but devices in a DMZ can't access devices devices on trusted. While this often can not be fully implemented, it is best to limit as much as possible the DMZ to Trusted access.

Sign In to comment.