You are tasked with writing rule sets for two firewalls which protect a network and form a DMZ. All traffic from the internal network to the Internet passes through the DMZ. All servers which are accessible from the Internet reside inside the DMZ. All computers inside the network (internal network and DMZ) have private IP addresses. All traffic to and from the Internet passes through a NAT device which is situated just inside the perimeter firewall. All computers on this network are Windows computers.
Servers in the DMZ
Service      Public IP Address   Private IP Address   Comments
HTTP/HTTPS   200.100.100.10      192.168.20.10
FTP          200.100.100.11      192.168.20.11
DNS          200.100.100.12      192.168.20.12        Uses TCP for zone transfers; services DNS lookup requests from all computers on the internal network and in the DMZ
Email        200.100.100.13      192.168.20.13        SMTP
Proxy        200.100.100.14      192.168.20.14        Not accessible from the Internet; client computers connect to the proxy service on port 8080
Clients on the internal network: All user workstations access web sites via the Proxy server. There are three different internal subnets: 10.10.10.0/24, 10.20.20.0/24 and 10.30.30.0/24. Computers on the 10.10.10.0/24 subnet may access FTP servers on the Internet. Computers on the 10.20.20.0/24 subnet may access the SSH server on the Internet with the IP address 220.20.30.110. All computers on the internal network may access the company's Email, DNS, FTP and web servers, which reside in the DMZ.
Computers on the three internal subnets use dynamic NAT pools as follows when making connections to the Internet.
Private IP address range   NAT Pool
10.10.10.0/24              200.200.200.50 through 200.200.200.100
10.20.20.0/24              200.200.200.101 through 200.200.200.150
10.30.30.0/24              200.200.200.151 through 200.200.200.200
Answer the following:
Write down two rule sets, one for each firewall, which will permit only the traffic described above to flow.
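As an added worked example (it is not part of the assignment brief and not an official answer key), here is one way to encode both rule sets as ordered first-match filters with an implicit deny, and to check them against sample packets. It assumes that the perimeter firewall sits outside the NAT device and so matches on public addresses, while the internal firewall sits between the DMZ and the three internal subnets and matches on private addresses; that both firewalls are stateful, so only the initiating direction of each flow is listed and replies are accepted by connection tracking; that the FTP data channel is handled by the firewall's FTP inspection; that DMZ servers' outbound traffic leaves with their static public address; and that standard ports are used (80/443, 21, 53, 25, 22). The names `Rule`, `evaluate`, `PERIMETER`, `INTERNAL` and the sample addresses in `main` are constructed for this example.

```python
"""Two firewall rule sets for the DMZ brief, modelled as first-match filters (example code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, summarize_address_range


def nets(spec):
    """Expand 'any', a CIDR, a single host, an 'a-b' range, or a tuple of those into networks."""
    if isinstance(spec, tuple):
        return [n for s in spec for n in nets(s)]
    if spec == "any":
        return [ip_network("0.0.0.0/0")]
    if "-" in spec:  # NAT pool written as a range, e.g. 200.200.200.50-200.200.200.100
        lo, hi = spec.split("-")
        return list(summarize_address_range(ip_address(lo), ip_address(hi)))
    return [ip_network(spec, strict=False)]


@dataclass
class Rule:
    action: str    # "permit" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: object    # address spec or tuple of specs (see nets)
    dst: object
    dport: object  # int, tuple of ints, or "any"
    note: str = ""

    def matches(self, proto, src, dst, dport):
        if self.proto != "any" and self.proto != proto:
            return False
        ports = self.dport if isinstance(self.dport, tuple) else (self.dport,)
        if self.dport != "any" and dport not in ports:
            return False
        s, d = ip_address(src), ip_address(dst)
        return any(s in n for n in nets(self.src)) and any(d in n for n in nets(self.dst))


def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; anything unmatched is denied (cleanup rule)."""
    for r in rules:
        if r.matches(proto, src, dst, dport):
            return r.action
    return "deny"


# Perimeter firewall: outside the NAT device, so every address here is public.
# Only the initiating direction is listed; replies ride on connection state (assumption).
PERIMETER = [
    Rule("permit", "tcp", "any", "200.100.100.10", (80, 443), "public web server"),
    Rule("permit", "tcp", "any", "200.100.100.11", 21, "public FTP; data channel via FTP inspection (assumption)"),
    Rule("permit", "udp", "any", "200.100.100.12", 53, "DNS lookups from the Internet"),
    Rule("permit", "tcp", "any", "200.100.100.12", 53, "zone transfers to the DMZ DNS server"),
    Rule("permit", "udp", "200.100.100.12", "any", 53, "DMZ DNS resolving upstream (assumption)"),
    Rule("permit", "tcp", "200.100.100.12", "any", 53, "zone transfers initiated by the DMZ DNS server"),
    Rule("permit", "tcp", "any", "200.100.100.13", 25, "inbound SMTP"),
    Rule("permit", "tcp", "200.100.100.13", "any", 25, "outbound SMTP"),
    Rule("permit", "tcp", "200.100.100.14", "any", (80, 443), "proxy fetching web pages for workstations"),
    Rule("permit", "tcp", "200.200.200.50-200.200.200.100", "any", 21, "10.10.10.0/24 (via its NAT pool) to Internet FTP"),
    Rule("permit", "tcp", "200.200.200.101-200.200.200.150", "220.20.30.110", 22, "10.20.20.0/24 (via its NAT pool) to the SSH host"),
    Rule("deny", "any", "any", "any", "any", "cleanup rule"),
]

# Internal firewall: between the DMZ and the three internal subnets, so it sees private addresses.
INTERNAL_NETS = ("10.10.10.0/24", "10.20.20.0/24", "10.30.30.0/24")
INTERNAL = [
    Rule("permit", "tcp", INTERNAL_NETS, "192.168.20.14", 8080, "workstations to the proxy"),
    Rule("permit", "tcp", INTERNAL_NETS, "192.168.20.10", (80, 443), "company web server"),
    Rule("permit", "tcp", INTERNAL_NETS, "192.168.20.11", 21, "company FTP server"),
    Rule("permit", "udp", INTERNAL_NETS, "192.168.20.12", 53, "DNS lookups"),
    Rule("permit", "tcp", INTERNAL_NETS, "192.168.20.12", 53, "DNS over TCP for large answers (assumption)"),
    Rule("permit", "tcp", INTERNAL_NETS, "192.168.20.13", 25, "company mail server; SMTP is the only protocol the brief names"),
    Rule("permit", "tcp", "10.10.10.0/24", "any", 21, "first subnet to FTP servers on the Internet"),
    Rule("permit", "tcp", "10.20.20.0/24", "220.20.30.110", 22, "second subnet to the named SSH host"),
    Rule("deny", "any", "any", "any", "any", "cleanup rule"),
]


def main():
    # Constructed sample packets: (rule set, proto, src, dst, dport, what we expect and why)
    samples = [
        (PERIMETER, "tcp", "8.8.8.8", "200.100.100.10", 443, "Internet client to web server"),
        (PERIMETER, "tcp", "8.8.8.8", "200.100.100.14", 8080, "Internet client to proxy (must be denied)"),
        (PERIMETER, "tcp", "200.200.200.160", "220.20.30.110", 22, "third subnet's pool to SSH (must be denied)"),
        (INTERNAL, "tcp", "10.30.30.5", "192.168.20.14", 8080, "workstation to proxy"),
        (INTERNAL, "tcp", "10.30.30.5", "1.2.3.4", 21, "third subnet direct to Internet FTP (must be denied)"),
    ]
    for rules, proto, src, dst, dport, why in samples:
        print(f"{proto} {src} -> {dst}:{dport:<5} {evaluate(rules, proto, src, dst, dport):6}  {why}")


if __name__ == "__main__":
    main()
```

Rule order matters only where a later, broader rule would otherwise swallow a narrower one; here the cleanup deny is last on both firewalls, and the two Internet-bound rules on the internal firewall are restricted by source subnet so they cannot be reached by the third subnet.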