[Techtalk] Firewall DMZ Question

James james at james-web.net
Mon Oct 29 08:46:21 EST 2001


Setup:
I have a full Class C, which I've divided into 8 subnets (4 going to be
used).  I want to have an iptables firewall sitting on the network directing
traffic.  I do not need masquerading done on this firewall.  I merely
want it to direct traffic between DMZs (Pub #1 = internet;  DMZ #1 =
Internet Servers for www, mail, DNS; DMZ #2 = Network with NAT/Proxy FW
server to private network, which I know how to do; DMZ #3 otherstuff....).

Now how do I set up the routing for this?

Do I have to make entries into the routing table using the route command for
this?

Or will an iptables rule suffice?  Like this one...
$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $DNS_IP --dport 53 \
    -j DNAT --to-destination $DMZ_DNS_IP

The tutorial seems to say I'd need to alias the IP on the firewall's public
facing NIC, but doesn't specify how (just add an eth0:1, eth0:2, eth0:3,
right?).
http://lug.irk.ru/misc/iptables-tutorial-1.0.6.html

This tutorial has RFC1918 IPs for the DMZ servers, but substituting real IPs
in should work, right?

I mostly understand the concepts of firewalls and packet filtering; I'm just
confused on this one specific point :)

- James
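As an added example that is not part of the original post, here is a minimal rule generator for the routed, no-NAT layout James describes: the kernel routing table already knows the directly attached DMZ subnets, so the firewall only needs IP forwarding switched on and a FORWARD-chain policy between the segments; the DNAT rule from the tutorial is not needed when the DMZ hosts carry real addresses. Interface names, the /27 split and all addresses are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: a routed (no-NAT) DMZ firewall.
# Assumed interfaces and addresses (documentation-range placeholders, not the
# real Class C): eth0 = Pub #1 (internet), eth1 = DMZ #1, eth2 = DMZ #2.
INET_IFACE=eth0
DMZ1_IFACE=eth1; DMZ1_NET=192.0.2.0/27     # /24 split 8 ways = /27 per DMZ
DMZ2_IFACE=eth2; DMZ2_NET=192.0.2.32/27
DMZ_DNS_IP=192.0.2.10; DMZ_WWW_IP=192.0.2.11; DMZ_MAIL_IP=192.0.2.12

# Emit the commands as text so the set can be reviewed, then piped to sh.
# Routes for directly attached subnets are added by the kernel when each
# interface gets its address, so no 'route add' is needed for them; the
# firewall only has to forward and filter. No DNAT: DMZ hosts keep real IPs.
dmz_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -F FORWARD
# anti-spoofing: a DMZ interface may only source its own subnet
iptables -A FORWARD -i $DMZ1_IFACE ! -s $DMZ1_NET -j DROP
iptables -A FORWARD -i $DMZ2_IFACE ! -s $DMZ2_NET -j DROP
iptables -A FORWARD -i $INET_IFACE -s $DMZ1_NET -j DROP
iptables -A FORWARD -i $INET_IFACE -s $DMZ2_NET -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# internet -> DMZ #1: only the published services, by real address
iptables -A FORWARD -i $INET_IFACE -o $DMZ1_IFACE -p udp -d $DMZ_DNS_IP --dport 53 -j ACCEPT
iptables -A FORWARD -i $INET_IFACE -o $DMZ1_IFACE -p tcp -d $DMZ_DNS_IP --dport 53 -j ACCEPT
iptables -A FORWARD -i $INET_IFACE -o $DMZ1_IFACE -p tcp -d $DMZ_WWW_IP --dport 80 -j ACCEPT
iptables -A FORWARD -i $INET_IFACE -o $DMZ1_IFACE -p tcp -d $DMZ_MAIL_IP --dport 25 -j ACCEPT
# DMZ #2 (the NAT/proxy box) out to the internet, and to DMZ #1 DNS/mail
iptables -A FORWARD -i $DMZ2_IFACE -o $INET_IFACE -j ACCEPT
iptables -A FORWARD -i $DMZ2_IFACE -o $DMZ1_IFACE -p udp -d $DMZ_DNS_IP --dport 53 -j ACCEPT
iptables -A FORWARD -i $DMZ2_IFACE -o $DMZ1_IFACE -p tcp -d $DMZ_MAIL_IP --dport 25 -j ACCEPT
# DMZ #1 may only initiate outbound DNS and SMTP (mail relay); nothing to DMZ #2
iptables -A FORWARD -i $DMZ1_IFACE -o $INET_IFACE -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $DMZ1_IFACE -o $INET_IFACE -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "FWD-DROP: "
EOF
}

# Counts the FORWARD rules the generator emits (used to sanity-check the set).
forward_rule_count() { dmz_rules | grep -c '^iptables -A FORWARD'; }

case "${1:-}" in
    print) dmz_rules ;;           # review the rules
    apply) dmz_rules | sh ;;      # install them (as root)
esac
```

Run with `print` to review the generated set and `apply` (as root) to load it; the final LOG rule records whatever the default DROP policy discards, which is where mistakes in the segment policy show up first.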