From: Payal Rathod <payal-netfilter@scriptkitchen.com>
To: Netfilter ML <netfilter@lists.netfilter.org>
Subject: Re: server in DMZ
Date: Thu, 2 Sep 2004 15:04:05 -0400
Message-ID: <20040902190405.GA4531@tranquility.scriptkitchen.com>
In-Reply-To: <1094130804.2573.9.camel@wolfpack.ljm.dom>

On Thu, Sep 02, 2004 at 09:13:25AM -0400, Jason Opperisano wrote:
> i think there's some confusion here...there are three rules involved in
> this scenario:

Yes, I already have the 3 rules. The only thing I am worried about
is how I let my internal LAN users access the DMZ machine using
its public IP if I use the 3 rules given by you below. The rules below
will effectively block all traffic except from 1.2.3.4, and my LAN users
are on the 192.168.x.x series and use squid as their proxy.
(The squid machine is the gateway/firewall machine itself.)
-Payal

> 
> (1) NAT rule that maps port 80 on the outside to port 80 on your DMZ
> server:
> 
>   -A PREROUTING -d 5.6.7.8 -p tcp -m tcp --dport 80 \
>     -j DNAT --to-destination 10.10.10.3
> 
> (2) FILTER rule that allows external access to server in DMZ from client
> IP:
> 
>   -A FORWARD -p tcp -s 1.2.3.4 -d 10.10.10.3 --dport 80 -j ACCEPT
> 
> (3) FILTER rule that allows squid proxy running directly on your
> firewall to fetch content from server in DMZ:
> 
>   -A OUTPUT -p tcp -d 10.10.10.3 --dport 80 -j ACCEPT
> 
> remember:  packets passing through the firewall are filtered by FORWARD,
> packets coming from the firewall are filtered by OUTPUT.
> 
> -j
> 
> -- 
> Jason Opperisano <opie@817west.com>
> 
> 
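The traversal order Jason describes (DNAT in PREROUTING before the routing decision; forwarded packets filtered by FORWARD, locally generated packets by OUTPUT) is easy to get wrong, so here is a small model of it as an added example. This is not iptables and not anyone's code from the thread: it encodes only the three quoted rules, and it assumes a default policy of DROP on FORWARD and OUTPUT, which the thread never states. The 203.0.113.9 and 192.168.1.20 hosts are constructed sample addresses.

```python
# Added example: a model of the netfilter traversal described in the thread.
# It is NOT iptables and NOT the poster's ruleset; it encodes the three quoted
# rules plus an ASSUMED default policy of DROP on FORWARD and OUTPUT.
from dataclasses import dataclass, replace

PUBLIC_IP = "5.6.7.8"      # outside address of the firewall (from the thread)
DMZ_SERVER = "10.10.10.3"  # web server in the DMZ (from the thread)
EXT_CLIENT = "1.2.3.4"     # the one external client allowed in (from the thread)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    local_origin: bool = False  # True for packets generated on the firewall (squid)


def prerouting_dnat(pkt: Packet) -> Packet:
    """Rule (1): nat PREROUTING -d 5.6.7.8 -p tcp --dport 80 -j DNAT --to 10.10.10.3.

    PREROUTING is traversed by packets arriving on any interface, so it rewrites
    requests from the Internet and from the LAN alike. Locally generated packets
    never pass this hook; they would need a rule in nat OUTPUT instead."""
    if pkt.dst == PUBLIC_IP and pkt.proto == "tcp" and pkt.dport == 80:
        return replace(pkt, dst=DMZ_SERVER)
    return pkt


def forward_chain(pkt: Packet) -> str:
    """Rule (2): filter FORWARD -p tcp -s 1.2.3.4 -d 10.10.10.3 --dport 80 -j ACCEPT."""
    if (pkt.proto == "tcp" and pkt.src == EXT_CLIENT
            and pkt.dst == DMZ_SERVER and pkt.dport == 80):
        return "ACCEPT"
    return "DROP"  # assumed chain policy


def output_chain(pkt: Packet) -> str:
    """Rule (3): filter OUTPUT -p tcp -d 10.10.10.3 --dport 80 -j ACCEPT."""
    if pkt.proto == "tcp" and pkt.dst == DMZ_SERVER and pkt.dport == 80:
        return "ACCEPT"
    return "DROP"  # assumed chain policy


def traverse(pkt: Packet) -> tuple:
    """Return (chain consulted, final destination, verdict) for the first packet
    of a new connection: DNAT before the routing decision, then FORWARD for
    transit packets or OUTPUT for packets the firewall itself generates."""
    if pkt.local_origin:
        # The thread defines no nat OUTPUT rule, so nothing is rewritten here.
        return "OUTPUT", pkt.dst, output_chain(pkt)
    pkt = prerouting_dnat(pkt)
    if pkt.dst == PUBLIC_IP:
        # Still addressed to the firewall after NAT: INPUT chain, not modelled.
        return "INPUT", pkt.dst, "NOT-MODELLED"
    return "FORWARD", pkt.dst, forward_chain(pkt)


def scenarios() -> dict:
    """Constructed sample packets covering the cases discussed in the thread."""
    cases = {
        "ext_client_via_public_ip": Packet(EXT_CLIENT, PUBLIC_IP, 80),
        "other_internet_host": Packet("203.0.113.9", PUBLIC_IP, 80),      # constructed
        "lan_user_via_public_ip": Packet("192.168.1.20", PUBLIC_IP, 80),  # constructed
        "squid_to_dmz_directly": Packet(PUBLIC_IP, DMZ_SERVER, 80, local_origin=True),
        "squid_via_public_ip": Packet(PUBLIC_IP, PUBLIC_IP, 80, local_origin=True),
    }
    return {name: traverse(p) for name, p in cases.items()}


if __name__ == "__main__":
    for name, (chain, dst, verdict) in scenarios().items():
        print(f"{name:26s} -> {chain:8s} dst={dst:11s} {verdict}")
```

Two rows of the model are the ones that matter for the question above. The LAN user who connects to 5.6.7.8 directly is rewritten by rule (1), because PREROUTING sees every inbound interface, and then dropped by the assumed FORWARD policy, because rule (2) only accepts a source of 1.2.3.4; that is the gap the original poster is worried about, and it lies in FORWARD, not in NAT. The squid row shows the other side of the same point: a packet squid generates on the firewall never traverses PREROUTING, so rule (1) does not rewrite it and rule (3) only covers squid when it fetches from 10.10.10.3 by its DMZ address.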

