On Wed, 2012-02-01 at 17:08 -0500, Dimitri Yioulos wrote:
> > In summary, if I understand your setup correctly, you should be able to
> > assign *one* of your public IP addresses to eth3, and then assign
> > another one to the web server, assuming they're all in the same subnet
> > and you get the subnets correct.
>
> Thanks for your efforts, especially as you're dealing with someone as dense as
> me.
>
> On the test machine (call it box 3 in the diagram), I changed the IP to be
> 75.x.x.28, netmask 255.255.255.248, network 75.x.x.24. I set the gateway to be
> 75.x.x.25 (eth3 address on the firewall/router). I can't ping anything.

What are your actual IP addresses?

> At this point, is it a firewall rule issue? If so, what is/are the rule(s) I
> need to add?

You'll need something like "iptables -A FORWARD -o eth3 -j ACCEPT",
assuming that your default policy is DROP. Plus the associated inbound
connection ("iptables -A FORWARD -i eth3 -j ACCEPT").

Of course, you should tighten these up, but I'd get it working first.

> If I had my choice, though, I'd rather assign an address of 192.168.1.x to the
> test machine (as with the rest of the devices in the DMZ),

I suggest you get it working with the public IP address first, as it's
fewer things to configure.

Andy
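
Added example, not part of the original message: a shell sketch that first checks that the test machine and the eth3 gateway fall in the same subnet for the stated netmask, then prints a tightened form of the two FORWARD rules for review. The 203.0.113.x addresses are constructed stand-ins for the redacted 75.x.x.x ones, `eth0` as the Internet-facing interface and ports 80/443 for the web server are assumptions, and eth3 is taken to be the interface facing the test machine, as in the thread.

```shell
#!/bin/sh
# Added example. Nothing is applied: rules are printed so they can be
# reviewed before being run as root on the firewall.

# ip_to_int A.B.C.D -> prints the dotted quad as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet HOST GATEWAY NETMASK -> exit 0 if both share one network
same_subnet() {
    h=$(ip_to_int "$1"); g=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( h & m )) -eq $(( g & m )) ]
}

# forward_rules DMZ_IF WAN_IF HOST -> prints tightened FORWARD rules:
# replies to known connections, new inbound web traffic to HOST only,
# and new outbound connections from HOST only.
forward_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -d $3 -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $1 -o $2 -s $3 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Constructed values mirroring the thread's layout (.28 host, .25 gateway, /29)
HOST=203.0.113.28
GW=203.0.113.25
MASK=255.255.255.248

if same_subnet "$HOST" "$GW" "$MASK"; then
    forward_rules eth3 eth0 "$HOST"
else
    echo "host $HOST is not in the same subnet as gateway $GW" >&2
fi
```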