[Techtalk] Firewall DMZ Question
james at james-web.net
Mon Oct 29 08:46:21 EST 2001
I have a full Class C, which I've divided into 8 subnets (4 going to be
used). I want to have an iptables firewall sitting on the network directing
traffic. I do not need to masquerading done on this firewall. I merely
want it to direct traffic between DMZs (Pub #1 = internet; DMZ #1 =
Internet Servers for www, mail, DNS; DMZ #2 = Network with NAT/Proxy FW
server to private network, which I know how to do; DMZ #3 otherstuff....).
Now how do I setup the routing for this?
Do I have to make entries into the routing table using the route command for
Or will an iptables rule suffice? Like this one...
$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $DNS_IP --dport
53 -j DNAT --to-destination $DMZ_DNS_IP
The tutorial seems to say I'd need to alias the IP on the firewall's public
facing NIC, but doesn't specify how (just add an eth0:1, eth0:2, eth0:3,
This tutorial has RFC1918 IPs for the DMZ servers, but substituting real IPs
in should work, right?
I mostly understand the concepts of firewalls and packet filtering, I just
am confused on this one specific :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Techtalk