You are tasked with writing rule sets for two firewalls that protect your network and form a DMZ. All traffic from your internal network to the Internet passes through the DMZ. All servers that are accessible from the Internet reside inside the DMZ. All computers inside the network (internal network and DMZ) have private IP addresses. All traffic to and from the Internet passes through a NAT device which is located just inside the perimeter firewall. All computers on this network are Windows computers
Servers in the DMZ
Service Public IP Address Private IP Address Comments
HTTP/HTTPS 200.100.100.10 192.168.20.10
FTP 200.100.100.11 192.168.20.11
DNS 200.100.100.12 192.168.20.12 Uses TCP for zone transfers, services DNS lookup requests from all computers in the internal network and DMZ
Email 200.100.100.13 192.168.20.13 SMTP
Proxy 200.100.100.14 192.168.20.14 Not accessible from the Internet. Client computers connect to the proxy service on port 8080
Clients on the internal network: All user workstations access web sites via the Proxy server. There are three different internal subnets: 10.10.10.0/24, 10.20.20.0/24 and 10.30.30.0/24. Computers on the 10.10.10.0/24 subnet may access FTP servers on the Internet. Computers on the 10.20.20.0/24 network may access an SSH server on the Internet with the IP address 220.20.30.110. All computers on the internal network may access the company's Email, DNS, FTP and web servers that reside in the DMZ.
Computers on the three internal subnets use dynamic NAT pools as follows when making connections to the internet.
Private IP address range NAT Pool
10.10.10.0/24 200.200.200.50 through 200.200.200.100
10.20.20.0/24 200.200.200.101 through 200.200.200.150
10.30.30.0/24 200.200.200.151 through 200.200.200.200
Answer the following:
(1)Write the two rule sets for the two firewalls that will allow only the traffic described to flow.