Linux Netfilter discussions
From: Ruprecht Helms <rhelms@my-mail.ch>
To: Bill McCormick <wpmccormick@sbcglobal.net>,
	netfilter@lists.netfilter.org
Subject: Re: one interface, basic setup
Date: Fri, 22 Jul 2005 20:51:42 +0200
Message-ID: <42E1403E.9010009@my-mail.ch>
In-Reply-To: <42E067DB.3060809@sbcglobal.net>

Bill McCormick wrote:
> /dev/rob0 wrote:
> 
>> Bill McCormick wrote:
>>
>>> (basic and packet filtering) I still feel unsure. I want to build a 
>>> FW for outgoing packets only. My setup looks like this:
>>>
>>> internet <---->Netgear FVS318 <----> LAN

The case he wants

internet <------ Netgear FVS 318 <---- FC3  ----> LAN

internet -------> something else or nothing ----> (FC3) ? ---> LAN


> ...Basically, I just want 
> ALL out-bound traffic to pass through FC3 iptables then get routed to 
> the FVS318.

> So, the best (easiest) way to accomplish this is to make the FC3 the 
> gateway router by adding another interface? 

Am I right that routing to the outside should be via the DMZ in this case?

Figured like this:



internet ------> FC3 <------> LAN
                  |
                  | DMZ
                  |
internet <---- Netgear FVS 318


> Do the NAT rules get crazy
> for that?

In this case NAT must translate the incoming traffic for the LAN
and the outgoing for routing in the DMZ. Transferring the traffic
out to the internet is done by the Netgear router.


Are the routing tables complicated?

Regards,
Ruprecht

------------------------------------------------------------------------------------------
Ruprecht Helms IT-Service & Softwareentwicklung

Tel./Fax  +49[0]7621 16 99 16
Web:       htp://www.rheyn.de


