From: "Roselyn Calleja"
Date: Fri, 04 Oct 2002 06:17:24 +0000
Subject: [LARTC] How to use private IP on my DMZ network
To: lartc@vger.kernel.org

Hi everyone,

I have problems with my DMZ network. I'm using Linux with three interfaces (eth0, eth1, eth2). eth0 is connected to my DSL modem, eth1 is for my DMZ network, which contains all my websites, and eth2 is my private network. I'm using iptables. Below is my diagram:

                           |-----------|
DSL (Internet) eth0 ------ | Firewall  | ------- eth2 (Private Network)
                           |-----|-----|
                                 |
                                 |
                           eth1 (DMZ network)

My current set-up:

eth0:  203.164.168.30
       gw:   203.164.168.29
       mask: 255.255.255.252

eth1:  203.164.168.161 (also the gateway of the network)
       mask: 255.255.255.248
website 1: 203.164.168.163
website 2: 203.164.168.164
website 3: 203.164.168.165

I want to set up my network like this:

eth0:  same IP
       same gateway
       same netmask

eth1:  10.10.10.1
       gw: 10.10.10.1
website1: 10.10.10.5
website2: 10.10.10.6
website3: 10.10.10.7
website1 public address is 203.164.168.163
website2 public address is 203.164.168.164
website3 public address is 203.164.168.165

So my iptables looks like this:

iptables --table nat -A PREROUTING -p tcp -d 203.164.168.163 --dport 80 -j DNAT --to-destination 10.10.10.5
iptables --table nat -A PREROUTING -p tcp -d 203.164.168.164 --dport 80 -j DNAT --to-destination 10.10.10.6
iptables --table nat -A PREROUTING -p tcp -d 203.164.168.165 --dport 80 -j DNAT --to-destination 10.10.10.7

So what I mean is that any request for 203.164.168.163 to 165 would pass through my firewall; then, with my iptables set as such, it would be forwarded to my webserver.

Does anybody know how to work this thing out? Is it possible? Please reply.

Thanks!

Rose
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
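
The DNAT rules in the message only rewrite the destination address; when the FORWARD chain drops by default, the rewritten packets also need an explicit accept towards each DMZ host. The script below is an added example, not part of the original message: it prints the DNAT rule for each mapping given above together with a matching FORWARD rule limited to TCP port 80. The function names `dmz_rules` and `is_ipv4`, the DROP policy on FORWARD and the separate handling of eth2 are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands only; review, then pipe to `sh` as root.
# Assumes the FORWARD policy is DROP and that rules for the private network
# on eth2 are maintained separately (neither is stated in the message).

WAN_IF=eth0   # interface names from the message
DMZ_IF=eth1
PORT=80

# "public private" address pairs from the message
MAPPING='203.164.168.163 10.10.10.5
203.164.168.164 10.10.10.6
203.164.168.165 10.10.10.7'

# Succeeds only for a dotted quad whose octets are all in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emits the rule set; returns non-zero if any mapping line is malformed.
dmz_rules() {
    # Routing between interfaces must be on for DNAT'ed packets to be forwarded.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies from the web servers ride on connection tracking.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$MAPPING" | while read -r pub priv; do
        is_ipv4 "$pub" && is_ipv4 "$priv" ||
            { echo "bad mapping: $pub $priv" >&2; exit 1; }
        # Same DNAT rule as in the message.
        echo "iptables --table nat -A PREROUTING -p tcp -d $pub --dport $PORT -j DNAT --to-destination $priv"
        # FORWARD sees the packet after DNAT, so it matches the private address.
        echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $priv --dport $PORT -m state --state NEW -j ACCEPT"
    done
}

dmz_rules
```
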