12-02-2009 08:29 AM
I have a Juniper SSG20 firewall on which I wish to configure a DMZ and put in FTP for file transfer.
I need to be using the eth0/1 interface and I have got a pool of public IPs from which I intend to use one. I haven't done this so far and would appreciate any help that I can get. I am totally new to networking.
Can I give any IP address to the eth0/1 interface? Is there anything else that I would have to set up on that interface?
Also, should I do the MIP on the untrust interface? I tried doing it on the DMZ one, but it wouldn't allow me to.
The ultimate aim is to have the FTP server plugged into an internal switch which would be in the DMZ VLAN, and from there be able to allow only FTP services.
How would I do the policy?
That is, from untrust to DMZ would be for my incoming?
How about people on the internal LAN being able to access that machine and put files onto that for transfer?
Help very highly appreciated,
Thanks in advance,
12-03-2009 10:06 AM
I understand the following:
Attach server to DMZ zone & access it from the outside
x.x.x.x/24: subnet used at DMZ int
y.y.y.y/24: subnet used at untrust int
1# Create a MIP on untrust interface: mapped IP: real IP y.y.y.y, host IP: server x.x.x.x
2# Create policy from untrust to DMZ: source any, dst MIP(y.y.y.y), service: FTP
3# Put default route with next hop: untrust int
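
The three steps above, together with the DMZ interface setup and the internal-LAN access asked about in the first post, written out as ScreenOS CLI commands. This is an added example, not part of either post; ethernet0/0 as the Untrust interface, the address-book name and every address shown are assumptions constructed for illustration.

```screenos
# Annotation lines start with "#"; enter only the "set" and "save" lines.
# Assumed: ethernet0/0 is the Untrust interface on 203.0.113.0/24 with
#          upstream gateway 203.0.113.1 (constructed addresses).
# Assumed: DMZ subnet 192.168.50.0/24, FTP server at 192.168.50.10
#          (constructed addresses).

# DMZ interface: bind eth0/1 to the DMZ zone and give it the address the
# FTP server will use as its gateway.
set interface ethernet0/1 zone DMZ
set interface ethernet0/1 ip 192.168.50.1/24

# Step 1: MIP on the Untrust interface. One public address from the pool
# (203.0.113.10) is mapped to the server's real DMZ address.
set interface ethernet0/0 mip 203.0.113.10 host 192.168.50.10 netmask 255.255.255.255 vr trust-vr

# Step 2: inbound policy. Destination is the MIP object, service is FTP
# only, and matches are logged.
set policy from Untrust to DMZ Any MIP(203.0.113.10) FTP permit log

# Internal LAN to the server: address-book entry for the server's real
# address ("ftp-server" is a hypothetical name), then an FTP-only policy
# from Trust to DMZ.
set address DMZ ftp-server 192.168.50.10 255.255.255.255
set policy from Trust to DMZ Any ftp-server FTP permit log

# Step 3: default route with the next hop reached through the Untrust
# interface.
set route 0.0.0.0/0 interface ethernet0/0 gateway 203.0.113.1

save
```

No policy is defined from DMZ to Trust, so with no policy permitting it the FTP server cannot open connections into the internal LAN.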