[Techtalk] iptables, dmz, public addys
John Clarke
johnc+linuxchix at kirriwa.net
Wed Mar 15 10:50:23 EST 2006
On Tue, Mar 14, 2006 at 08:51:31 +0530, Devdas Bhagat wrote:
> Someone on another IRC channel suggested a slightly different trick.
> Assign the external IP address to the NAT gateway to the loopback interface
> of the host. This lets the real server think that the public IP address
That's an interesting trick, and similar to one I did a while ago. I
configured eth0:1 with the public address of the web server (with a
netmask of 255.255.255.255). It was the only host, other than the
firewall, on that physical network, and the firewall was running a 2.2
kernel with ipchains. The web/mail server had a 2.4 kernel with iptables,
so it was easier to do NAT on the web/mail server. It was still a bit
messy though.
Now there are six hosts in the dmz, all have routable addresses, and
there's no need to NAT. It's easier that way.
> I haven't tried this yet (mostly because I don't have access to hardware
> which needs a NAT), but it should work.
It probably will, but it might also cause other problems because
lo != 127.0.0/8. I'll leave it to someone else to discover them;
I have enough other problems to deal with.
Cheers,
John
--
I said I learned it in highschool, not that I speak it tres fscking
well, if you'll pardon my French.
-- Anthony de Boer
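The arrangement the thread describes, as an added example that is not from the original posts: static NAT on the firewall, the public /32 on the server's loopback (Devdas's trick), and a check that the address really landed on lo. All addresses and interface names are constructed; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: 203.0.113.10 (TEST-NET-3)
# stands in for the server's routable address, 192.168.10.10 for its dmz address.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # routable address clients connect to
DMZ_IP="${DMZ_IP:-192.168.10.10}"        # address the server actually has on the dmz wire
WAN_IF="${WAN_IF:-eth0}"                 # firewall's outside interface (assumed name)
DMZ_IF="${DMZ_IF:-eth1}"                 # firewall's dmz interface (assumed name)
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print the commands, 0 = execute them as root

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Firewall side: static 1:1 NAT for the server, plus a FORWARD policy that only
# lets new connections in to the web port; replies ride on conntrack state.
firewall_nat_rules() {
  run iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$PUBLIC_IP" -j DNAT --to-destination "$DMZ_IP"
  run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$DMZ_IP" -j SNAT --to-source "$PUBLIC_IP"
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_IP" -p tcp --dport 80 \
      -m conntrack --ctstate NEW -j ACCEPT
  run iptables -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -j DROP
}

# Server side (the trick quoted above): put the public address on lo as a /32 so
# the host treats it as local. Linux by default answers ARP for any local address,
# lo included, so arp_ignore=1 keeps the server from claiming the public address
# on the dmz wire; the firewall's DNAT should be the only path that delivers it.
dmz_host_setup() {
  run ip addr add "$PUBLIC_IP/32" dev lo
  run sysctl -w net.ipv4.conf.all.arp_ignore=1
}

# Check: does `ip -o addr show dev lo` output (read from stdin) carry the public /32?
public_ip_on_lo() { grep -qF -- " inet $PUBLIC_IP/32 "; }

# Constructed sample of `ip -o addr show dev lo` after dmz_host_setup has run.
SAMPLE_LO='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet 203.0.113.10/32 scope global lo\       valid_lft forever preferred_lft forever'

case "${1:-}" in
  firewall) firewall_nat_rules ;;
  host)     dmz_host_setup ;;
  check)    ip -o addr show dev lo | public_ip_on_lo && echo "public /32 present on lo" ;;
esac
```

Run it as `sh nat-dmz.sh firewall` on the gateway and `sh nat-dmz.sh host` on the server once the printed commands look right, then `check` on the server to confirm.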