> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of P
> theodorou
> Sent: Thursday, September 22, 2005 8:50 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: DMZ howto
>
> Hello
>
> I want to achieve the firewall script in the official
> iptables tutorial 1.20 version practices here
> http://iptables-tutorial.frozentux....MZ.firewall.txt
>
> Typically a well known set up is
> to receive traffic from the ISP via dhcp which assigns an IP to
> eth0 and eth0 forwards traffic to eth1 (NAT) which is the
> default gateway for a laptop.
>
> Now the machine has eth0, eth1 and eth2; so far we have spoken
> of eth1. Eth2 I wanted to be a DMZ for servers who need
> passive connections, FTP etc...
>
> The concept of DMZ confuses me, can you suggest any
> resources for the topic?
>
> Really appreciated

Technically a DMZ is a subnet with unfiltered access to the internet. However, common usage of the term is a subnet with servers running services available to the outside world. I can't think of any reason why an internal network shouldn't be protected by a firewall (not that firewalls are the answer to security...).

The point of having a separate network for your servers (DMZ) is to isolate them from the outside world _and_ from your inside users. You then use your FORWARDing rules to dictate what can travel between the networks, just like you do for a WAN/LAN setup, but instead of two possible vectors (WAN->LAN, LAN->WAN) you've got six: WAN->LAN, WAN->DMZ, DMZ->WAN, DMZ->LAN, LAN->WAN, LAN->DMZ. Makes it easy to inadvertently block traffic.

Derick Anderson
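As an added illustration of the six forwarding vectors Derick lists (this is not code from the thread or from the iptables tutorial the question links), the script below builds a FORWARD chain for the eth0 (WAN) / eth1 (LAN) / eth2 (DMZ) box described in the question. The subnets, the DMZ FTP server address, and the choice of which services each vector may open are assumptions for the example; by default it only prints the iptables commands so it can be read and checked without root, and applies them only when run as root with APPLY=1. Passive FTP data connections are accepted through the ESTABLISHED,RELATED rule, which assumes the ip_conntrack_ftp (later nf_conntrack_ftp) helper is loaded.

```shell
#!/bin/sh
# Added example, not from the original thread. eth0/eth1/eth2 come from the
# question; every address below is an assumed value for illustration.
WAN_IF=eth0
LAN_IF=eth1
DMZ_IF=eth2
LAN_NET=192.168.1.0/24       # assumed inside-user subnet
DMZ_NET=192.168.2.0/24       # assumed server subnet
FTP_SERVER=192.168.2.10      # assumed DMZ host publishing FTP

# Print the commands by default; APPLY=1 (as root) loads them for real.
if [ "${APPLY:-0}" = "1" ]; then IPT=iptables; else IPT="echo iptables"; fi

dmz_forward_rules() {
    # Anything not explicitly allowed below is dropped.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # Replies and helper-tracked data connections for every vector. Passive
    # FTP data channels show up as RELATED only if the FTP conntrack helper
    # (ip_conntrack_ftp / nf_conntrack_ftp) is loaded.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 1. LAN -> WAN: inside users may open connections to the internet.
    $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
    # 2. LAN -> DMZ: inside users reach the published service and SSH for admin.
    $IPT -A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $FTP_SERVER -p tcp -m multiport --dports 21,22 -m state --state NEW -j ACCEPT
    # 3. WAN -> DMZ: the outside world reaches only the published FTP port.
    $IPT -A FORWARD -i $WAN_IF -o $DMZ_IF -d $FTP_SERVER -p tcp --dport 21 -m state --state NEW -j ACCEPT
    # 4. DMZ -> WAN: servers get DNS and HTTP out (updates) and nothing else,
    #    so a compromised server has little to call home with.
    $IPT -A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # 5. DMZ -> LAN: never allowed inward; log it so an attempt is visible.
    $IPT -A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ->LAN blocked: "
    $IPT -A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
    # 6. WAN -> LAN: never forwarded; logged explicitly rather than left to
    #    the chain policy so the counters show it.
    $IPT -A FORWARD -i $WAN_IF -o $LAN_IF -j LOG --log-prefix "WAN->LAN blocked: "
    $IPT -A FORWARD -i $WAN_IF -o $LAN_IF -j DROP
}

# Review helper: how many rules let a NEW connection through for a given
# in-interface/out-interface pair. Useful for checking that the inward
# vectors (eth2->eth1, eth0->eth1) really have zero.
count_new_accepts() {
    dmz_forward_rules | grep -c -- "-i $1 -o $2 .*--state NEW -j ACCEPT" || true
}

dmz_forward_rules
```

Running the script without APPLY shows the rule list in the order iptables would evaluate it; count_new_accepts eth2 eth1 and count_new_accepts eth0 eth1 should both print 0, which is the check worth repeating after any later edit to the chain, since (as Derick notes) it is easy to break one of the six vectors without noticing.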