
Isolate Two Networks

Hi all,

I have a couple of networks in my workplace: one is on a DMZ and is isolated from the rest of the network, the other is on a general office LAN. I'm looking to set up a server that needs to be accessible to other devices on the DMZ (to access content) and to devices on the LAN (for configuration/set-up).


If I connect a Mac with two NICs to both the DMZ and the LAN, is there a way to guarantee that devices that connect through the DMZ won't have access to any devices/content on the LAN?


The server will be a Mac mini running Lion. If anyone can suggest a way to achieve what I need to do, I'd really appreciate it!

Posted on Nov 5, 2013 5:35 AM

Question marked as Best reply

Posted on Nov 5, 2013 8:36 AM

The server will not automatically forward traffic between networks, so you don't have to do anything special.

4 replies

Nov 5, 2013 11:03 AM in response to Spielo

Even easier: get rid of the DMZ.


If you're allowing connections from the DMZ into the private LAN, that may well result in an "escape path" from the DMZ into the LAN, whether through the data access path or due to some other weakness in the security of that computer.


While Linc is entirely correct as far as the default behavior goes, attackers very seldom keep servers at the default settings. Minimally, run a port scan from somewhere within the DMZ and see what TCP and UDP ports are open on the bridging computer.
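An added example, not part of the original thread: a local audit of the dual-homed Mac that complements the port scan suggested above by checking that IP forwarding is still off and listing which listeners are bound to the DMZ side. The captured text is constructed sample output in the format of `sysctl net.inet.ip.forwarding net.inet6.ip6.forwarding` and `netstat -an` on macOS, and the DMZ address 10.0.50.10 is an assumption.

```python
import re

# Constructed sample data (not from the thread). Assumed addressing:
# DMZ NIC = 10.0.50.10, LAN NIC = 192.168.1.10.
DMZ_IP = "10.0.50.10"

SYSCTL_OUT = """\
net.inet.ip.forwarding: 0
net.inet6.ip6.forwarding: 0
"""

NETSTAT_OUT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  10.0.50.10.80          *.*                    LISTEN
tcp4       0      0  192.168.1.10.5900      *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  10.0.50.10.80          10.0.50.23.51514       ESTABLISHED
udp4       0      0  *.5353                 *.*
"""

def forwarding_enabled(sysctl_text):
    """Return the forwarding sysctls that are set to a non-zero value."""
    pairs = re.findall(r"^(net\.inet6?\.ip6?\.forwarding):\s*(\d+)",
                       sysctl_text, re.M)
    return [name for name, value in pairs if value != "0"]

def dmz_reachable(netstat_text, dmz_ip):
    """Return sorted (proto, port) pairs bound to the wildcard or DMZ address."""
    exposed = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue                      # header or unrelated line
        if f[0].startswith("tcp") and f[-1] != "LISTEN":
            continue                      # only listening TCP sockets
        if f[0].startswith("udp") and f[4] != "*.*":
            continue                      # skip connected UDP sockets
        # macOS netstat joins address and port with a dot: 10.0.50.10.80
        addr, _, port = f[3].rpartition(".")
        if port.isdigit() and addr in ("*", dmz_ip):
            exposed.add((f[0][:3], int(port)))
    return sorted(exposed)

if __name__ == "__main__":
    print("forwarding enabled:", forwarding_enabled(SYSCTL_OUT) or "none")
    for proto, port in dmz_reachable(NETSTAT_OUT, DMZ_IP):
        print(f"reachable from DMZ: {proto}/{port}")
```

A wildcard (`*`) listener answers on both NICs, so a service meant only for LAN-side configuration should be bound to the LAN address or blocked on the DMZ interface by the host firewall.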
