I had been curious about implementing a DMZ for some time but I really did not have a use for one. My previous network layout was a standard edge network with two firewalls, a router/firewall and a ISA firewall. Recently I have been playing with a variety of linux packages who eventually will need constant exposure to the internet so a DMZ would became a logical upgrade. Since I had recently installed a third NIC on my SBS server, I could use ISA to manage the perimeter network.
To setup this network I went to Tom Shindler’s ISAServer.org site and browsed his documentation on setting up a DMZ using a ISA server. Although there are several documents on setting up DMZ segments, the document I used was Publishing Servers on a ISA Server 2004 Firewall Public Address DMZ Segment. I followed the directions and only changed the outbound protocols. For my network I want to pass ftp, http, https, ntp, ping, and smtp from the DMZ to Internet. At this point in time I do not need to allow inbound internet access to the DMZ but I will allow full inbound access from the internal network. I will leave that as a future project. I did change my access rule for the Protected Networks as recommended by Amy in DMZ – SBS special considerations.
The DMZ network is now up and running. I have one linux server running on the DMZ. It is running Groundworks and is connected via the ultimate low cost hub, a cross-over cable. So far there are no gotchas!