From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
To: Alabama <alabama@interia.pl>
Cc: netfilter@lists.netfilter.org
Subject: Re: iptables
Date: Mon, 31 Jan 2005 07:02:56 -0500 [thread overview]
Message-ID: <41FE1E70.3060508@opensourcedevel.com> (raw)
In-Reply-To: <5.2.0.9.0.20050131123100.02a937a0@pazim.home.pl>
Alabama wrote:
> Dear All,
> I have linux router with 3 NIC cards.
> One is an internet interface. Second is my LAN network and third is
> public addresses network.
> I am using iptables. My LAN network works perfectly filtering packets. I
> have problems with my public addresses network- I would like this
> network to work without any filtering and just can't do it.
> Could give me advice how to pass by iptables or how to set up iptables
> to route traffic to public addresses without any filtering?
> Best regards
> Andy
>
> ----------------------------------------------------------------------
> Najlepsze auto, najlepsze moto... >>> http://link.interia.pl/f1841
>
>
>
I do not know the details of your installation so there may be a good
reason for you to do this but I would normally never recommend no
filtering even, perhaps especially, to a DMZ.
In any event, you can probably regulate the traffic using the
interfaces, e.g.,
iptables -I FORWARD 1 -i eth0 -o eth2 -j ACCEPT
iptables -I FORWARD 1 -i eth2 -o eth0 -j ACCEPT
That's what comes to mind off the top of my head. Good luck and, unless
you have a really good reason, I would not recommend doing this. If the
problem is just the complexity of managing changing security on the DMZ,
consider a GUI front end like fwbuilder (http://www.fwbuilder.org) or,
for large and highly complex environments ISCS
(http://iscs.sourceforge.net) when it is ready - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
Financially sustainable open source development
http://www.opensourcedevel.com
next prev parent reply other threads:[~2005-01-31 12:02 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-31 11:31 iptables Alabama
2005-01-31 12:02 ` John A. Sullivan III [this message]
[not found] ` <5.2.0.9.0.20050131135158.02a9dec0@poczta.interia.pl>
2005-01-31 13:18 ` iptables John A. Sullivan III
-- strict thread matches above, loose matches on Subject: below --
2012-04-14 12:20 IPTables nullv
2012-04-13 23:54 IPTables nullv
2012-04-14 9:35 ` IPTables Amos Jeffries
2012-04-13 23:53 IPTables nullv
[not found] <047d7b10cb31c8716404bd5f56a7@google.com>
[not found] ` <e89a8ff2474fc99c5604bd608a88@google.com>
2012-04-11 13:06 ` IPTables Ethy H. Brito
2012-04-11 3:03 IPTables Al Grant
2012-04-11 3:45 ` IPTables Ethy H. Brito
2012-04-11 6:33 ` IPTables John Lister
2008-01-13 18:53 Can't set up transparent proxy on XO laptop P Zemlja
2008-01-13 22:44 ` G.W. Haywood
2008-01-14 7:45 ` iptables sa
2008-01-14 9:17 ` iptables G.W. Haywood
2008-01-15 13:12 ` iptables sa
2008-01-15 14:54 ` iptables G.W. Haywood
2006-10-19 5:08 IPTABLES tarak
2005-06-19 2:17 iptables s s
2005-05-19 17:45 Iptables Chadley Wilson
2005-05-19 19:33 ` Iptables Jason Opperisano
2005-05-19 20:13 ` Iptables Chadley Wilson
2005-05-19 21:43 ` Iptables Jason Opperisano
2005-05-20 5:38 ` Iptables Chadley Wilson
2005-05-20 5:50 ` Iptables Jason Opperisano
2005-05-20 6:04 ` Iptables Rob Sterenborg
2005-05-20 6:26 ` Iptables Rob Sterenborg
2005-05-18 21:04 Iptables Limbert Fuentes Quiroga
2005-01-31 11:16 iptables Andrzej
2004-09-28 5:07 Iptables Contact
2004-09-28 5:25 ` Iptables Rob Sterenborg
2004-09-28 8:19 ` Iptables Contact
2004-09-28 14:04 ` Iptables Jason Opperisano
2004-09-28 14:09 ` Iptables Aleksandar Milivojevic
2004-09-28 10:36 ` Iptables John A. Sullivan III
2004-09-28 14:27 ` Iptables Jose Maria Lopez
2004-05-27 17:51 iptables Alejandro Cabrera Obed
2004-02-27 2:23 iptables mustafa hassan
2004-01-31 8:39 Iptables Ivan Zagvozkine
2004-01-28 11:12 Iptables jean-francois fleury
2004-01-28 13:25 ` Iptables Jeffrey Laramie
2003-05-26 13:34 iptables Wan System S.R.L.
2003-05-26 15:27 ` iptables Pedro C. Arias
2003-04-28 18:29 IPTABLES lfps
2003-04-23 5:17 iptables Star Fire
2003-02-27 18:04 iptables Guss
2003-01-19 17:30 iptables VASIF MUSAOGULLARI
2003-01-21 11:42 ` iptables Erdal Mutlu
2003-01-17 9:20 IPtables Jet
2002-06-28 13:28 iptables luigicart
2002-06-28 13:45 ` iptables Antony Stone
2002-06-28 13:48 ` iptables Tom Eastep
2002-06-28 14:00 ` iptables Joe Patterson
2002-06-13 9:03 Iptables Paulo Andre
2002-06-11 2:24 iptables Matthew Hellman
2002-06-10 14:06 iptables Paulo Andre
2002-06-10 19:27 ` iptables Antony Stone
2002-06-11 2:23 ` iptables Matthew Hellman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41FE1E70.3060508@opensourcedevel.com \
--to=jsullivan@opensourcedevel.com \
--cc=alabama@interia.pl \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox