3 part firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Like David T I'm a bit frustrated myself. :)

The flexiblity of iptables has got me pulling my hair out. Here's what I would 
like to do:

I have a server that has 3 real interfaces (no aliases). eth0 is the public, 
eth1 is the private and eth2 is the DMZ interface. All the books and docs 
I've seen so far work with only two interfaces and trying to adapt those 
scripts is giving me a headache.

I want to allow all private traffic out to the internet through PAT (port 
address translation). But when going from the LAN to the DMZ I want no nat or 
pat going on, only when leaving to the internet. 

Next I would like a strict rule that allows another public IP to be 1 to 1 
nat'd from the public interface to a server out the DMZ interface.

I've got the new riders second edition of the linux firewalls book and tons of 
howto's and yet I'm having trouble putting together this simple firewall.

I'm currently using narc to setup the firewall and it appears to work to get 
basic internet bound traffic from the lan and I can get to the DMZ from the 
LAN without translation so I'm close here but getting the 1 to 1 NAT working 
is causing me grief.

Any ideas?

Thanks,
Robert



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux