On Thu 15/04/2004 at 16:53, Antony Stone wrote:
> > iptables -t nat -A POSTROUTING -o dmzinterface -j MASQUERADE
>
> I disagree with this rule. It will make all connections to servers in the
> DMZ network appear to come from the firewall, which will destroy any useful
> logging on the services which are running.

One may just add a "-s $LAN" statement so the DMZ does not see packets using the internal addressing scheme (obfuscation), but keep external addresses unmodified for logging purposes.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
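The effect of the two rule variants discussed in this message, as an added example that is not part of the original email: a small Python model of how the MASQUERADE match decides which source address a DMZ server logs. The LAN range, the firewall's DMZ address and the interface name `dmz0` are constructed assumptions.

```python
# Added illustration: minimal model of a nat/POSTROUTING MASQUERADE rule,
# showing which source address a DMZ server would log per connection.
# All addresses and the interface name are constructed for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN = ip_network("192.168.1.0/24")    # assumed internal network ($LAN)
DMZ_IF = "dmz0"                       # assumed name of the DMZ interface
FW_DMZ_ADDR = ip_address("10.0.0.1")  # assumed firewall address on DMZ_IF


@dataclass(frozen=True)
class MasqRule:
    out_if: str                 # value of -o
    src: Optional[str] = None   # value of -s (None matches any source)

    def matches(self, src_ip: str, out_if: str) -> bool:
        if out_if != self.out_if:
            return False
        return self.src is None or ip_address(src_ip) in ip_network(self.src)


def logged_source(rule: MasqRule, src_ip: str, out_if: str = DMZ_IF) -> str:
    """Source address the DMZ server sees after POSTROUTING."""
    if rule.matches(src_ip, out_if):
        # MASQUERADE rewrites the source to the outgoing interface's address.
        return str(FW_DMZ_ADDR)
    return src_ip


BROAD = MasqRule(out_if=DMZ_IF)                 # -o dmzinterface -j MASQUERADE
NARROW = MasqRule(out_if=DMZ_IF, src=str(LAN))  # -s $LAN -o dmzinterface -j MASQUERADE

# Constructed sample clients connecting to a DMZ server.
CLIENTS = {"lan host": "192.168.1.50", "internet host": "203.0.113.7"}


def compare() -> dict:
    """Map client name -> (source logged under BROAD, source logged under NARROW)."""
    return {
        name: (logged_source(BROAD, ip), logged_source(NARROW, ip))
        for name, ip in CLIENTS.items()
    }


if __name__ == "__main__":
    for name, (broad, narrow) in compare().items():
        print(f"{name:14} broad: {broad:12} with -s $LAN: {narrow}")
```

With the source restriction, only LAN clients are rewritten to the firewall address; the external client keeps its own address in the DMZ server's logs.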