Firewalls: NNTP server in DMZ?

Firewalls
(June 1997)

Indexed By Thread: [Previous] [Next]

Subject:	NNTP server in DMZ?
From:	Joe Doetzl <doetzl @ coop . crn . org>
Date:	Thu, 05 Jun 1997 07:55:42 -0500
To:	firewalls @ greatcircle . com
Reply-to:	doetzl @ coop . crn . org

I have a customer who wishes to install a NNTP server.  It is likely
that they will host internal newsgroups that will need to be protected.
The internal network is in the address range reserved for private
internetworks.  They are using SOCKS for access from the internal
network to the Internet.  Traffic to the DMZ is limited to ftp, http,
dns, smtp and ntp.

With that in mind is it possible to put the NNTP server on the inside
and still get a feed from an upstream provider?  This solution would
eliminate the need for SOCKSified nntp clients. 

Or should the NNTP server be placed in the DMZ with a registered IP and
FQDN and the clients access it via SOCKS?

I have a hunch that perhaps NAT would provide an even better solution?

Thank you,

--Joe

Follow-Ups:

Re: NNTP server in DMZ?
From: "Timothy D.J. Hunt" <timh @ nac . net>

Indexed By Date	Previous:	Re: Plug-gw- One to many relationship From: Anton J Aylward <anton @ the-wire . com>
Indexed By Date	Next:	client can't reach port 82 From: Robert Laird <rlaird @ panenergy . com>
Indexed By Thread	Previous:	Re: FW-1 and IP Forwarding on NT Box From: "David Harvey-George" <david @ threewiz . demon . co . uk>
Indexed By Thread	Next:	Re: NNTP server in DMZ? From: "Timothy D.J. Hunt" <timh @ nac . net>