Hi all,

I've recently purchased a Cisco 877 with the advanced os to act as a secondary internet gateway for a small business to free up some fibre bandwidth.

I'd like to be able to use the DMZ function as advertised to connect a hardened linux gateway to for web proxy and many other features.

Now as I understand it, a DMZ is completely open to the net, ie- all ports forwarded and this is what I'd like to do. I'd rather not have to use port forwarding for every single service on the dmz interface...otherwise it wouldn't really be a "dmz"- although a single "forward all" command would be OK.

I believe that it's possible to do this by creating a new vlan and assigning it to an extra interface port. I don't need to run DHCP on it and I only need to connect the one gateway device to this interface.

Try as I might, I cannot find any walkthroughs to setup such a thing anywhere.

Can anyone give me some insight into this? I don't want to have to use the SDM as it seems to be broken (many features in the SDM don't work, I just get a pile of javascript errors in the console) so terminal commands only.

Here's my version:

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(20)T5, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Mon 08-Mar-10 17:52 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

System image file is "flash:c870-advsecurityk9-mz.124-20.T5.bin"

Cisco 877 (MPC8272) processor (revision 0x300) with 118784K/12288K bytes of memory.

Processor board ID FCZ123466JV

MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

4 FastEthernet interfaces

1 ATM interface

128K bytes of non-volatile configuration memory.

24576K bytes of processor board System flash (Intel Strataflash)

Many thanks in advance for anyone who can shed some light on this.