3 part firewall - Robert Cole

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Robert Cole <robert.cole@support4linux.com>
To: netfilter@lists.netfilter.org
Subject: 3 part firewall
Date: Tue, 20 May 2003 23:42:51 -0700	[thread overview]
Message-ID: <200305202342.51581.robert.cole@support4linux.com> (raw)

Like David T I'm a bit frustrated myself. :)

The flexiblity of iptables has got me pulling my hair out. Here's what I would 
like to do:

I have a server that has 3 real interfaces (no aliases). eth0 is the public, 
eth1 is the private and eth2 is the DMZ interface. All the books and docs 
I've seen so far work with only two interfaces and trying to adapt those 
scripts is giving me a headache.

I want to allow all private traffic out to the internet through PAT (port 
address translation). But when going from the LAN to the DMZ I want no nat or 
pat going on, only when leaving to the internet. 

Next I would like a strict rule that allows another public IP to be 1 to 1 
nat'd from the public interface to a server out the DMZ interface.

I've got the new riders second edition of the linux firewalls book and tons of 
howto's and yet I'm having trouble putting together this simple firewall.

I'm currently using narc to setup the firewall and it appears to work to get 
basic internet bound traffic from the lan and I can get to the DMZ from the 
LAN without translation so I'm close here but getting the 1 to 1 NAT working 
is causing me grief.

Any ideas?

Thanks,
Robert

next             reply	other threads:[~2003-05-21  6:42 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-05-21  6:42 Robert Cole [this message]
2003-05-21 10:08 ` 3 part firewall Julian Gomez
2003-05-21 11:00   ` Oskar Andreasson
2003-05-21 10:35 ` David Trott
2003-05-21 19:15 ` Ralf Spenneberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200305202342.51581.robert.cole@support4linux.com \
    --to=robert.cole@support4linux.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.