Blog

2009/03/22

Switch LAN and DMZ

Today was the day. I decided to switch the LAN and DMZ networks, both the ports on my router and the address ranges. I hesitated because Squid threw a problem. Some sites were not reachable. I figured out that they were all HTTPS-related. Google did not help much, so I took the PREROUTING of the HTTPS traffic out of the firewall. All HTTPS requests now go directly to the internet. This will work for the moment.

Now it was time to do the preparatory work. I changed the computers with fixed IP addresses to use their new ones. I also changed the configurations of DHCP, DNS, and Squid. I went to the router and changed the cables of the LAN and DMZ. After that I restarted the server with DHCP, DNS, and Squid. Otherwise I would not be able to reboot my router. The firewall in there uses DNS to set some rules. The server booted well and the IP address was correct. The rebooting of the router went well too. I checked the configuration through ssh. This failed the first time because the router was in the known_hosts file with a different IP address. Just clearing this file solved the problem. Now it was time to activate the LAN. The old server rebooted without a problem. All was right except... I had no connection to other servers. I checked and double-checked all configurations. Nothing was wrong. A quick look at my router taught me that the light for the LAN was not on. When I changed the cables, I disconnected the cable of the LAN on the switch of the LAN by accident. When I connected it again everything was all right.

Except for the cable problem, the whole operation went smoothly. In the coming days I will have to solve the problems that come up, but the whole environment works as before. It is now more secure than before. I am still a long way from my goal, but I can now do this more easily, bit by bit, than before.