* WAP11:  1-to-1 NAT (DMZ)
@ 2002-09-18 22:59 Ryan Beisner
  0 siblings, 0 replies; only message in thread
From: Ryan Beisner @ 2002-09-18 22:59 UTC (permalink / raw)
  To: netfilter


In Watchguard's Firebox system, there is a term called 1-to-1 NAT, a new one to me.  This is used in reference to a packet filtering router protecting a DMZ from the WWW.  Its principle is the same as the one I applied to achieve my "virtual host."

        # inbound half: traffic for the virtual IP is redirected to the WAP
        iptables -A PREROUTING -t nat -d 10.20.0.4 -j DNAT --to 192.168.168.2
        # outbound half: traffic originating from the WAP leaves as the virtual IP
        # (matched on the source address, so only the WAP's own packets are rewritten)
        iptables -A POSTROUTING -t nat -s 192.168.168.2 -j SNAT --to 10.20.0.4

Now I want to enable certain ports (for instance, 22 and 80) and deny everything else.
When is the appropriate time to add protocol filters, before or after these two lines?  And what would they look like?

192.168.168.2 is a Linksys WAP11 behind the firewall.
10.20.0.4 is a Virtual IP on the external interface (which is already firewalled down the line).

Thanks!
-Ryan Beisner
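One way to lay out the complete rule set, as an added example that is not part of the original message: the nat table only rewrites addresses, and the accept/deny decision belongs in the filter table's FORWARD chain, which every forwarded packet crosses after PREROUTING/DNAT and before POSTROUTING/SNAT, so the filters match on the post-DNAT address 192.168.168.2 rather than on 10.20.0.4. The interface names eth0 (external) and eth1 (towards the WAP) are assumptions; the script emits the rules for review and applies them only when APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post.  Assumed interface names:
EXT_IF=eth0            # external interface carrying the virtual IP
INT_IF=eth1            # interface facing the WAP11
VIP=10.20.0.4          # virtual IP on the external interface (from the post)
WAP=192.168.168.2      # Linksys WAP11 behind the firewall (from the post)
ALLOWED_TCP="22 80"    # ports to expose; everything else is dropped

# Emit the rule set instead of applying it, so it can be read or diffed first.
build_rules() {
    cat <<EOF
# nat table: 1-to-1 mapping $VIP <-> $WAP (address rewriting only)
iptables -t nat -A PREROUTING  -i $EXT_IF -d $VIP -j DNAT --to-destination $WAP
iptables -t nat -A POSTROUTING -o $EXT_IF -s $WAP -j SNAT --to-source $VIP
# filter table: default deny for forwarded traffic, replies are tracked
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in $ALLOWED_TCP; do
        # FORWARD sees the post-DNAT destination, so match on $WAP, not $VIP.
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $WAP -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Let the WAP open outbound connections; SNAT makes them appear as $VIP.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $WAP -m state --state NEW -j ACCEPT"
}

# Sanity check: number of rules admitting NEW inbound connections to the WAP.
count_inbound_accepts() {
    build_rules | grep -c -- "-i $EXT_IF -o $INT_IF -d $WAP .*--state NEW -j ACCEPT"
}

# Apply only when explicitly requested:  APPLY=1 sh nat-dmz.sh
if [ "${APPLY:-0}" = "1" ]; then
    build_rules | sh
else
    build_rules
fi
```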

