Firewall - DMZ, LAN, INTERNET

Jeremy Fowler jfowler at westrope.com
Mon Jul 8 14:44:41 CDT 2002


Well, depending on how your current script is laid out, all you have to do is
just create an input and output chain for your DMZ interface. Everything that is
sent to the DMZ interface goes through the DMZ input chain. Everything that is sent
out the DMZ interface is sent through the DMZ output chain. Finally, everything that
is forwarded either in or out of the DMZ interface is sent through both the DMZ
input and output chains.

Here's an example:
http://www.sentry.net/~obsid/IPTables/rc.scripts.dir/current/rc.firewall.iptables.multi

> -----Original Message-----
> From: owner-kclug at marauder.illiana.net
> [mailto:owner-kclug at marauder.illiana.net]On Behalf Of jose sanchez
> Sent: Thursday, July 04, 2002 3:36 PM
> To: KC Linux
> Subject: Firewall - DMZ, LAN, INTERNET
>
>
> Hello:
>
> I have planned to build a Linux firewall and need your
> assistance:
>
> INTERNET -------- FIREWALL --------- DMZ
>                      |
>                      |
>                      |
>                      |
>                     LAN
>
>
> I was reading the "Linux Firewall" book and the author
> doesn't go over a firewall script with three NICs.
> Other than the size of the script, how would a three
> NIC firewall differ from a two NIC? How does iptables
> handle it? Can traffic from the LAN still be
> NATed?
>
> I would appreciate some hints and/or techniques on how
> to build such a firewall.
>
> Thank you in advance.
>
>
> =====
> "An ounce of gold cannot buy an ounce of time."
> - Anonymous
>
>
> www.whmicro.com
>
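
One way to lay out the DMZ input and output chains described in the reply, as an added example that is not part of the original thread or the linked script. The interface names, subnets, web server address and the DMZ policy (DMZ hosts may only send replies, only HTTP may be opened towards them) are assumptions, and here each forwarded packet is checked by the DMZ chain that matches its direction.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for review;
# pipe the output to sh as root to apply. All names/addresses are assumed.
INET_IF=${INET_IF:-eth0}            # Internet-facing NIC (assumed)
LAN_IF=${LAN_IF:-eth1}              # LAN NIC (assumed)
DMZ_IF=${DMZ_IF:-eth2}              # DMZ NIC (assumed)
LAN_NET=${LAN_NET:-192.168.1.0/24}  # constructed sample subnet
DMZ_WEB=${DMZ_WEB:-192.168.2.10}    # constructed sample DMZ web server

emit_rules() {
    EST="-m conntrack --ctstate ESTABLISHED,RELATED"
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -N DMZ_IN
iptables -N DMZ_OUT
# DMZ_IN: packets arriving on the DMZ NIC. DMZ hosts may only send replies.
# RETURN (not ACCEPT) hands the verdict back to the calling chain, so the
# same chain can be hooked from both INPUT and FORWARD.
iptables -A DMZ_IN $EST -j RETURN
iptables -A DMZ_IN -j DROP
# DMZ_OUT: packets leaving via the DMZ NIC. Replies, plus new HTTP to the web server.
iptables -A DMZ_OUT $EST -j RETURN
iptables -A DMZ_OUT -p tcp -d $DMZ_WEB --dport 80 -m conntrack --ctstate NEW -j RETURN
iptables -A DMZ_OUT -j DROP
# Traffic to and from the firewall itself on the DMZ NIC. Packets that RETURN
# fall through to the existing script's own INPUT/OUTPUT rules.
iptables -I INPUT 1 -i $DMZ_IF -j DMZ_IN
iptables -I OUTPUT 1 -o $DMZ_IF -j DMZ_OUT
# Forwarded traffic: the DMZ chain for the packet's direction runs first,
# and whatever it RETURNs is then accepted.
iptables -A FORWARD -i $DMZ_IF -j DMZ_IN
iptables -A FORWARD -o $DMZ_IF -j DMZ_OUT
iptables -A FORWARD -i $DMZ_IF -j ACCEPT
iptables -A FORWARD -o $DMZ_IF -j ACCEPT
# LAN and Internet: the LAN may initiate, the Internet may only reply.
iptables -A FORWARD -i $LAN_IF -o $INET_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $INET_IF -o $LAN_IF $EST -j ACCEPT
# NAT: LAN traffic is masqueraded on the way out; inbound HTTP goes to the DMZ.
iptables -t nat -A POSTROUTING -o $INET_IF -s $LAN_NET -j MASQUERADE
iptables -t nat -A PREROUTING -i $INET_IF -p tcp --dport 80 -j DNAT --to-destination $DMZ_WEB
EOF
}

emit_rules
```

The third NIC only adds the two DMZ chains and their hooks; the LAN is still NATed by the single MASQUERADE rule on the Internet interface, exactly as it would be on a two-NIC firewall.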



