
I have an FTP server running in my DMZ that is accessible to the internet. However, I also have a fileserver running on the same server that can only be accessed from the internal side of the network. Since my FTP server is physically in the DMZ, my firewall filters all packets coming from the server to a request for files on the fileserver. In doing this process, it slows transfer speeds to about 20KBps instead of the normal 800-1000KBps that the rest of my internal network runs at. My question is, is there any way to set up this server to be connected to both my DMZ and internal network via 2 separate NICs/IP addresses and still keep security in mind since the FTP server is being exposed to the internet? I hope that doesn't sound too confusing. Let me know if I can answer any questions you have.

2007-01-11 07:18:03 · 2 answers · asked by iJunkie 1 in Computers & Internet Computer Networking

2 answers

If the only service you want to supply is FTP, I would suggest putting the server behind the firewall and opening NAT pinholes to the internal address (TCP ports 20 and 21), and then using the IP address of the firewall as the "FTP server" for the remote users.

Dual-homing the host with multiple NICs would work just fine, but you would be creating a potentially serious security risk because if anything compromises the DMZ host, even with IP forwarding disabled, that host has direct access to the network that should be protected by the firewall.

2007-01-11 07:23:16 · answer #1 · answered by ZeroByte 5 · 1 0
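The dual-homing risk raised in answer #1 can be checked for in a host inventory. The following is an added example, not part of the original question or answers: the zone CIDRs, host names and addresses are constructed, and the inventory format is an assumption. It flags every host with addresses in both the DMZ and the internal network, whether or not IP forwarding is enabled.

```python
import ipaddress

# Constructed zone map (assumption): replace with the real DMZ/internal CIDRs.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

# Constructed inventory (assumption): one record per host, all NIC addresses listed.
HOSTS = [
    {"name": "ftp01", "addrs": ["192.0.2.10", "10.1.1.10"], "ip_forward": False},
    {"name": "web01", "addrs": ["192.0.2.20"], "ip_forward": False},
    {"name": "files01", "addrs": ["10.1.1.20", "10.1.2.20"], "ip_forward": False},
    {"name": "gw01", "addrs": ["192.0.2.1", "10.0.0.1"], "ip_forward": True},
]


def zones_of(addrs):
    """Return the set of zone names that the given addresses fall into."""
    found = set()
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        for name, net in ZONES.items():
            if ip in net:
                found.add(name)
    return found


def audit(hosts):
    """Flag hosts that sit in both the DMZ and the internal zone.

    A host is reported even when ip_forward is False: it does not route
    packets between zones, but anything running on it can still open
    connections to the internal network without passing the firewall.
    """
    findings = []
    for host in hosts:
        spanned = zones_of(host["addrs"])
        if {"dmz", "internal"} <= spanned:
            findings.append({
                "host": host["name"],
                "zones": sorted(spanned),
                "routes_traffic": host["ip_forward"],
            })
    return findings


if __name__ == "__main__":
    for finding in audit(HOSTS):
        print(finding)
```
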

If you access it through the internet address it will be at the speed of your internet connection; if you need LAN speed, access it through its internal address.

2007-01-11 15:25:11 · answer #2 · answered by Magaletso 2 · 0 0

fedest.com, questions and answers