On Thu, 29 Dec 2011 10:44:05 -0600 Ian Pilcher wrote:

> OK, I have a few comments and suggestions. Worth every cent you paid
> for them.

They seem more valuable than that! Thanks.

> You'll want to make this persistent by setting net.ipv4.ip_forward = 1
> in /etc/sysctl.conf.

Yeah, I was going to worry about making everything permanent after I got it to work.

> This combination will restrict the DMZ guest from initiating connections
> to machines on your local network, but you'll still be able to make
> inbound connections the other way, if you wish.

That's the most important bit. I want nothing evil downloaded in the isolated machine to be able to escape :-).

> Personally, I find bifrost to be an extremely weird name for a network

Ah, but it is a bridge, and what bridge is more famous than bifrost? :-).

> interface. I would recommend using something that is more obviously an
> interface; it makes reading the iptables stuff much easier.

I'm not sure anything can help reading iptables rules.