Can someone please tell me about the downside of implementing directed pinholes in the firewall between DMZ & Green subnet? Pointers to literature/resources on the same would be most welcome. Expert advice more so ;-))

Specifically, I want to implement directed pinholes (am presently reading up on them) for database access by webserver in DMZ and SMTP forwarding by mailserver from/to respectively the Green subnet. But I am totally unaware of any security & maintenance/monitoring implications.

I am using IPCop firewall with static public IP and two LAN segments using 192.168.x.x address-space, with IPCop default installation, incoming http, smtp & pop3/imap forwarded to webserver in DMZ, which is fully firewalled from connecting to Green Segment and no restrictions on outward connections.

Request iptables gurus to please comment and point out various issues.

With best regards and thanks in advance.

Sanjay.