On Thursday 27 November 2003 1:02 pm, Knight, Steve wrote:

> Hi chaps
>
> Had a bit of a google, and of course consulted Ziegler, but I'm still not
> 100% on either of these, so ---
>
> 1) can iptables use eth0:0 as a valid interface distinct from eth0 ?

No. They're both the same physical device, and netfilter only knows it as eth0.

> So I can use eth0 as LAN internal i/f and eth0:0 as DMZ internal i/f.

You can if you really want to but nobody here will respect you for it :)

It almost completely blows away the concept of a DMZ - because somebody on your internal LAN can get unrestricted access to the DMZ machines simply by changing their IP address.

> and ...
>
> 2) Back when I did my checkpoint certs we covered "static NAT" - simple
> one-to-one address translation, rather than "hide NAT" - aka iptables SNAT
> / MASQUERADE....
>
> ...the question I have is -
>
> is the example given in Ziegler starting on p280 and table 7.1 "Host
> Forwarding to Servers in a Privately Addressed DMZ" an example of "static
> NAT"?

Please can you rephrase the question so that we can answer it without needing a copy of the book?

Antony.

--
All matter in the Universe can be placed into one of two categories:

1. Things which need to be fixed.
2. Things which need to be fixed once you've had a few minutes to play with them.

Please reply to the list; please don't CC me.
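
An added example, not part of the original message: a small Python audit of an iptables-save style ruleset that flags the two patterns discussed in the reply, an alias name such as eth0:0 used with -i/-o, and a single interface whose rules tell zones apart only by source address. The sample rules, the addresses, the extra interface names and the finding labels are constructed for illustration, and the second check is a review heuristic (a routed network behind one interface can trigger it legitimately).

```python
import shlex

# Constructed sample ruleset in iptables-save style; addresses and
# interface names other than eth0/eth0:0 are assumptions for the example.
SAMPLE_RULES = """\
-A FORWARD -i eth0:0 -o eth1 -j ACCEPT
-A FORWARD -i eth0 -s 192.168.1.0/24 -d 192.168.2.0/24 -j DROP
-A FORWARD -i eth0 -s 192.168.2.0/24 -o eth1 -j ACCEPT
-A FORWARD -i eth2 -s 192.168.2.0/24 -o eth1 -j ACCEPT
"""

OPTIONS = {"-i": "in", "-o": "out", "-s": "src", "-d": "dst"}


def parse_rule(line):
    """Extract the interface and address matches from one '-A' rule line."""
    tokens = shlex.split(line)
    rule = {}
    for idx, tok in enumerate(tokens[:-1]):
        if tok in OPTIONS:
            rule[OPTIONS[tok]] = tokens[idx + 1]
    return rule


def audit(ruleset):
    """Return findings as (line_number, kind, interface) tuples.

    'alias'          : -i/-o names an IP alias (contains ':'); netfilter
                       only sees the underlying device, so the rule does
                       not separate anything.
    'shared-segment' : one interface carries rules for several source
                       networks, so the zones differ only by an address
                       the sending host chooses. Reported with line 0.
    """
    findings = []
    sources_by_iface = {}
    for number, line in enumerate(ruleset.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        rule = parse_rule(line)
        for key in ("in", "out"):
            if ":" in rule.get(key, ""):
                findings.append((number, "alias", rule[key]))
        if "in" in rule and "src" in rule and ":" not in rule["in"]:
            sources_by_iface.setdefault(rule["in"], set()).add(rule["src"])
    for iface, sources in sorted(sources_by_iface.items()):
        if len(sources) > 1:
            findings.append((0, "shared-segment", iface))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

The eth2 rule in the sample stands for the DMZ on its own physical interface, which is why it produces no finding.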