I don't know much about setting up DMZ but from what I read in the OpenSUSE docs, putting a network interface in the DMZ zone allows reaching it from both external and internal networks while restricting it from reaching the internal zone itself. I've just tried this and it appears that I can still ping the internal network from this server even though it's interface is in the DMZ.
Asked
Active
Viewed 133 times
1 Answers
1
Your firewall rules are wrong. Remove the rules allowing traffic to be initiated from the DMZ to your internal network.
EEAA
- 109,363
- 18
- 175
- 245
-
I didn't add any such rules. This is just a virtual server and in yast, I set the interface zone to DMZ. – Patrick Grimard Apr 19 '14 at 13:06
-
Well then you need to add rules on your network firewall to restrict traffic as you wish. – EEAA Apr 19 '14 at 13:07