DMZ Firewall Solution for the Express Router
1 Introduction
1.1About This Document
This document explains how to configure a secure Internet solution using the second LAN interface of the Intel® Express router as a DMZ. The DMZ setup is explained through the use of two example solutions, a Single IP Address Solution and Multiple IP Address.
It assumed that you have a solid understanding of networking concepts and experience in using the Express Router.
1.2References
[1]Intel Express Router User Guide
The user guide for your router explains in detail the basic configuration procedures used in the set up of the DMZ.
[2]Brent Chapman, Elizabeth D. Zwicky, “ Building Internet Firewalls”, 1995 O’Reilly & Associates. ISBN:
1.3What is a DMZ
For an Intel Express Router having two LAN ports, you can setup a DMZ (DeMilitarized Zone) to increase security on your private network. A DMZ is a network off one of the LAN ports that acts as a kind of buffer between the external (public Internet) network and your secure network on the other LAN interface. The DMZ gives access to services required from both the external network and the secure network. The services are typically HTTP/FTP (Web) servers for public access, an HTTP/FTP proxy server, an SMTP server and a News (proxy) server. Mail servers and News servers for internal use are placed on the secure network. Through the use of IP filters, you prohibit access from the Internet to your secure network while still providing access to services on the DMZ.
| 192.168.151.0 | ||
| Demilitarized Zone | ||
| Http/FTP | Http/FTP | News |
| (Web) | ||
| proxy | ||
| proxy | ||
| server | ||
| server | ||
| server | ||
|
| ||
|
|
| |
|
|
| SMTP |
Internet users are allowed |
|
| server |
| 10/100 |
| |
to access your Web |
|
|
|
and FTP servers |
|
|
|
|
| LAN2 port | |
192.168.152.0
Main LAN
File | ||
server | ||
server | ||
|
LAN1 port
Intel Express
router Internet
IP filters on the router block unwanted traffic destined to the main LAN
10/100 
PC
PC
Version 1.0 | 3 |