Re: Internet Firewall with 3interfaces
From: Shane (shane_at_weasel.is-a-geek.net)
Date: 11/13/05
- Previous message: Davorin Vlahovic: "Re: masm for Ubuntu?"
- In reply to: Mathon Florent: "Internet Firewall with 3interfaces"
- Next in thread: stonefoz: "Re: Internet Firewall with 3interfaces"
Date: Mon, 14 Nov 2005 07:24:18 +1300
On Sun, 13 Nov 2005 18:01:45 +0100, Mathon Florent wrote:
> Hello,
>
> I am trying to build an internet firewall with SuSe10 and Yast
>
> there are 3 interfaces on the PC and the following settings
>
> - eth0 External (internet) 192.168.2.3
> - eth1 DMZ 192.168.4.1
> - eth2 Internal 192.168.3.1
>
> I could reach Internet from DMZ and from Internal
>
> But My problem is to reach DMZ from internal and internal from DMZ! how to
> do this ?
>
> Regards,
>
> Florent M
Er.. The point of having a DMZ is to separate computers that have
anonymous access away from your Internal machines.
IOW The DMZ machines are in a position to be compromised, and should be
treated as so. Allowing traffic to pass freely from the DMZ to the
Internal and back defeats the whole purpose of your network design and
firewall configuration.
</lecture>
Assuming your firewall machine is running Iptables,
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
In effect you are turning your firewall into a router
HTH
--
Hardware, n.: The parts of a computer system that can be kicked
The best way to get the right answer on usenet is to post the wrong one.
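An added example, not part of Shane's message or of the original thread: one way to let Internal open connections to the DMZ while the DMZ can only send replies back, which keeps the separation described above. The interface names are taken from the original post; the policy itself, the function names `emit_rules` and `allows_new`, and the log prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (assumed policy). Interfaces as given in the original post.
EXT=eth0   # External (internet)
DMZ=eth1   # DMZ
INT=eth2   # Internal

# Print a forwarding policy in iptables-restore format.
# Only POSTROUTING and FORWARD are set here; INPUT/OUTPUT are left to the admin.
# Note: iptables-restore flushes the listed tables unless --noflush is given.
emit_rules() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $EXT -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT -o $DMZ -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $INT -o $EXT -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ -o $EXT -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ -o $INT -j LOG --log-prefix "DMZ-to-INT drop: "
COMMIT
EOF
}

# Succeeds if the policy lets interface $1 open NEW connections towards $2.
allows_new() {
    emit_rules | grep -q -- "^-A FORWARD -i $1 -o $2 .*--ctstate NEW -j ACCEPT"
}

# Stand-alone use: "sh dmz-policy.sh --print" writes the ruleset to stdout.
if [ "${1:-}" = "--print" ]; then
    emit_rules
fi
```

The ruleset can be syntax-checked with `emit_rules | iptables-restore --test` as root before it is loaded. Because the FORWARD policy is DROP and there is no NEW rule from eth1 to eth2, a DMZ host can answer Internal but cannot initiate a connection to it.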