I am new to the world of networking and am having a hard time understanding what a DMZ is. I understand a DMZ is where you place publicly accessible servers such as Web servers, Mail servers, etc. What I am confused about is how a DMZ is set up. Please correct me if my understanding is incorrect.
- You have a router that is connected to the Internet
- Behind this router is a switch (I am unsure as to whether you can have a firewall instead)
- Behind the switch are the web and mail servers
- There is then a firewall which has 2 network interfaces one of which is connected to the switch
- The second interface is then connected to an internal switch
- Behind the internal switch are the LAN hosts such as PCs, Laptops, Printers, etc.
EDIT
Is it possible for a DMZ to be set up in the following manner as well?
- You have a router that is connected to the Internet
- Behind the router is a firewall with 2 network interfaces, one of which is connected to the router
- Behind the firewall is a switch to which the second interface is connected
- Behind the switch are the publicly accessible web and mail servers
- There is a secondary firewall with 2 network interface cards one of which is connected to the switch
- The second network interface card is then connected to an internal switch
- Behind the internal switch are the LAN hosts such as PCs, Laptops, Printers, etc.
Think of a router/firewall with three interfaces: internet, internal, and DMZ. On the internet side you have your uplink. On the internal side, you have your non-internet facing or private hosts. On the DMZ interface you connect any hosts that are accessible directly from the internet.
http://www.shorewall.net/three-interface.htm
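To make the three-interface picture concrete, here is an added example (not code from the original post or from the Shorewall project) that models the zone-to-zone policy such a firewall enforces: explicit rules are checked first, then the default policy for the source/destination zone pair, which is the order Shorewall follows in spirit. The interface names, ports, sample flows and the allowance for a DMZ web application to reach an internal database are assumptions chosen for illustration. The same policy applies to the two-firewall layout in the edit; it is simply split across two boxes, with the outer one holding the net/dmz rules and the inner one the dmz/loc rules.

```python
"""Toy model of a three-zone (net / dmz / loc) firewall policy.

Added example, not code from the original post or the Shorewall project.
Interface names, ports and sample flows are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Optional

ACCEPT, DROP = "ACCEPT", "DROP"

# Assumed interface -> zone mapping for a three-interface router/firewall.
INTERFACE_ZONE = {"eth0": "net", "eth1": "loc", "eth2": "dmz"}

# Default zone-to-zone policy, used when no explicit rule matches.
# Nothing from the Internet is allowed in by default, and DMZ hosts
# may never initiate connections into the LAN (a compromised DMZ host
# should not be able to pivot inward).
POLICY = {
    ("net", "dmz"): DROP,
    ("net", "loc"): DROP,
    ("dmz", "loc"): DROP,
    ("dmz", "net"): ACCEPT,   # outbound mail delivery, package updates
    ("loc", "dmz"): ACCEPT,   # LAN users/admins reach the published services
    ("loc", "net"): ACCEPT,   # LAN users browse the Internet
}


@dataclass(frozen=True)
class Rule:
    action: str
    src_zone: str
    dst_zone: str
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port


# Explicit exceptions, evaluated before POLICY; first match wins.
RULES = [
    Rule(ACCEPT, "net", "dmz", "tcp", 80),    # public web server
    Rule(ACCEPT, "net", "dmz", "tcp", 443),
    Rule(ACCEPT, "net", "dmz", "tcp", 25),    # inbound SMTP to the mail server
    Rule(ACCEPT, "dmz", "loc", "tcp", 3306),  # assumed: web app -> internal DB only
]


@dataclass(frozen=True)
class Flow:
    in_iface: str
    out_iface: str
    proto: str
    dport: int


def zone_of(iface: str) -> str:
    """Map an interface to its zone; unknown interfaces are a config error."""
    try:
        return INTERFACE_ZONE[iface]
    except KeyError:
        raise ValueError(f"interface {iface!r} is not assigned to a zone")


def evaluate(flow: Flow) -> str:
    """Return the action for a new connection: rules first, then policy."""
    src, dst = zone_of(flow.in_iface), zone_of(flow.out_iface)
    for rule in RULES:
        if (rule.src_zone, rule.dst_zone) != (src, dst):
            continue
        if rule.proto is not None and rule.proto != flow.proto:
            continue
        if rule.dport is not None and rule.dport != flow.dport:
            continue
        return rule.action
    return POLICY[(src, dst)]


def policy_matrix() -> dict:
    """Summarise the default posture between every zone pair (no rules)."""
    zones = sorted(set(INTERFACE_ZONE.values()))
    return {(s, d): POLICY[(s, d)] for s in zones for d in zones if s != d}


if __name__ == "__main__":
    samples = [
        Flow("eth0", "eth2", "tcp", 80),    # Internet -> DMZ web: allowed
        Flow("eth0", "eth2", "tcp", 22),    # Internet -> DMZ ssh: dropped
        Flow("eth2", "eth1", "tcp", 22),    # DMZ -> LAN ssh: dropped
        Flow("eth2", "eth1", "tcp", 3306),  # DMZ -> LAN db: allowed by rule
        Flow("eth0", "eth1", "tcp", 80),    # Internet -> LAN: dropped
    ]
    for f in samples:
        print(f"{zone_of(f.in_iface):>3} -> {zone_of(f.out_iface):<3} "
              f"{f.proto}/{f.dport:<5} {evaluate(f)}")
```

The useful property to check on any DMZ design is the `("dmz", "loc")` row: it should be DROP by default, with only the narrow, documented exceptions the public services actually need, so that a web or mail server that gets compromised cannot reach the LAN hosts behind the internal interface.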