* This is possible?
From: Mike S. Matsumoto @ 2006-11-27 12:16 UTC (permalink / raw)
To: netfilter
                              INTERNET
                              /      \
                             /        \
                            /          \
                           /            \
                          /              \
                         /                \
   ------------------------            ----------------------------
   | Connection 1         |            | Connection 2             |
   | Non-dynamic IP       |            | Dynamic IP               |
   ------------------------            ----------------------------
                         \                /
                          \              /
                           \            /
                            \          /
                             \        /
                         ----------------------
                         |      FIREWALL      |
                         ----------------------
                            /          \
                           /            \
                          /              \
                         /                \
                        /                  \
   -----------------------------        ------------------------
   | DMZ Segment               |        | Internal NET         |
   | Public IPs                |        | Private IPs          |
   -----------------------------        ------------------------
Guys, is this possible?
I have two connections to the Internet, and I need the DMZ to use
Connection 1 and the Internal NET to use Connection 2 for Internet access.
So I will have one default gw for Connection 1 and another for Connection 2.
How does this work? Any tutorial or link to help me?
Thanks.
---
Mike
* Re: This is possible?
From: Taylor, Grant @ 2006-11-27 15:35 UTC (permalink / raw)
To: netfilter
Mike S. Matsumoto wrote:
<snip>
> Guys, is this possible?
Yes.
> I have two connections to the Internet, and I need the DMZ to use
> Connection 1 and the Internal NET to use Connection 2 for Internet access.
>
> So I will have one default gw for Connection 1 and another for
> Connection 2.
>
> How does this work? Any tutorial or link to help me?
If you have different subnets on your DMZ LAN from that of your internal LAN,
this can easily be accomplished with iproute2 rules. Namely, set up one
(named / numbered) routing table for each connection and then set up some
"ip rule"s to decide which routing table to use based on source IP subnet.

If you do not have different subnets on your DMZ LAN from that of your
internal LAN, you can do something very similar based on firewall marking.
I'll presume that your DMZ LAN is on a different interface than your
internal LAN. In this case, mark one of the LAN interfaces via iptables and
then use an "ip rule" to match the fwmark to decide which routing table to use.
Grant. . . .
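The setup Grant describes, as an added worked example that is not part of the original thread: one routing table per uplink, "ip rule"s selecting the table by source subnet, and the fwmark variant for the case where the two LANs cannot be told apart by subnet. Interface names (eth0..eth3), table numbers (101/102), the documentation-range addresses and the DHCP-learned gateway for Connection 2 are all assumptions made up for illustration; the DMZ is assumed to be a public subnet that the Connection 1 ISP routes to this firewall, so only the private internal LAN is NATed.

```shell
#!/bin/sh
# Added example (not from the original thread): two-uplink policy routing
# on a Linux firewall with iproute2 + iptables.  Every interface name,
# address, gateway and table number below is an assumption for illustration.

# ---- assumed topology ---------------------------------------------------
WAN1_IF=eth0;  WAN1_GW=203.0.113.1            # Connection 1: static public IP
WAN2_IF=eth1;  WAN2_GW=${WAN2_GW:-192.0.2.1}  # Connection 2: dynamic IP; gateway
                                              # normally taken from the DHCP lease
DMZ_IF=eth2;   DMZ_NET=198.51.100.0/24        # DMZ: routed public subnet
LAN_IF=eth3;   LAN_NET=192.168.1.0/24         # Internal: private, NATed

# One table per uplink.  Optionally give them names in /etc/iproute2/rt_tables
# ("101 wan1", "102 wan2") so "ip route show table wan1" reads better.
T_WAN1=101; T_WAN2=102

# DRY_RUN=1 prints each command instead of running it (running them for
# real needs root and the interfaces above).
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

setup_policy_routing() {
    # 1. Per-uplink tables: a default route through that uplink, plus the
    #    directly connected LANs so traffic between LANs and replies back
    #    into the LANs still resolve when a packet is routed via this table.
    run ip route add default via "$WAN1_GW" dev "$WAN1_IF" table "$T_WAN1"
    run ip route add "$DMZ_NET" dev "$DMZ_IF" table "$T_WAN1"
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$T_WAN1"

    run ip route add default via "$WAN2_GW" dev "$WAN2_IF" table "$T_WAN2"
    run ip route add "$DMZ_NET" dev "$DMZ_IF" table "$T_WAN2"
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$T_WAN2"

    # 2. Table selection by source subnet (the "different subnets" case).
    #    Lower priority number = evaluated first; "main" stays as fallback.
    run ip rule add from "$DMZ_NET" lookup "$T_WAN1" priority 1000
    run ip rule add from "$LAN_NET" lookup "$T_WAN2" priority 1001

    # 3. The internal LAN has private addresses, so masquerade it behind
    #    the (changing) address of Connection 2.  The DMZ is public and
    #    routed, so it gets no NAT.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN2_IF" -j MASQUERADE

    run ip route flush cache
}

setup_fwmark_routing() {
    # Alternative for the "same subnet on both LANs" case: mark packets by
    # ingress interface in mangle/PREROUTING and route on the mark instead
    # of on the source address.  Uses the same per-uplink tables as above.
    run iptables -t mangle -A PREROUTING -i "$DMZ_IF" -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j MARK --set-mark 2
    run ip rule add fwmark 1 lookup "$T_WAN1" priority 1000
    run ip rule add fwmark 2 lookup "$T_WAN2" priority 1001
    run ip route flush cache
}

# Usage:  DRY_RUN=1 sh policy-routing.sh apply     (print the commands)
#         sh policy-routing.sh apply               (apply, as root)
if [ "${1:-}" = apply ]; then
    setup_policy_routing
fi
```

Two caveats worth checking on a real box. First, these rules only cover forwarded traffic from the two LANs; connections that terminate on the firewall itself (its own address on Connection 2, for instance) are still answered via the main table's single default route, so a rule of the form "ip rule add from <WAN2 address> lookup 102" is needed if inbound services on the dynamic uplink should reply the way they came in. Second, strict reverse-path filtering (rp_filter=1) can drop packets that arrive on an interface the main table would not use to reach their source; with two uplinks it is usual to set net.ipv4.conf.<iface>.rp_filter to loose mode (2) on the WAN interfaces. Because Connection 2's gateway changes, the "ip route ... table 102" line should be refreshed from the DHCP client hook whenever a new lease is obtained.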