Re: Multiple nics on inside of DMZ

On Thu, Nov 14, 2002 at 01:55:59PM -0600, Miller, Jeff - x3328 wrote:

> Although I'm new to netfilter I haven't found anything that will keep
> this idea from working. However it is a lot of setup, and I've never
> really heard of anyone doing this before (except maybe on small
> firewalls where the DMZ is a single port on a lone firewall). Further
> complicating things is the fact that there will be around a dozen
> machines in the DMZ, requiring multiple quad NICs. Any feedback on
> this crazy approach would be appreciated, thanks!

My firewall script takes this approach to creating a DMZ.  However, I
also go a little further and only allow the DMZ systems to respond to
outside requests.  So, they can respond to any external request that
reaches them, but they can not initiate a connection to something
outside their subnet.

Jamin W. Collins
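A sketch of the ruleset Jamin describes (one DMZ host per firewall NIC, hosts may answer outside requests but never open connections themselves), written as an added example here and not taken from his script. It assumes eth0 is the Internet-facing interface, eth1 and eth2 each carry exactly one DMZ host, and the 192.0.2.x addresses and ports are constructed for illustration.

```shell
#!/bin/sh
# Added example: stateful netfilter FORWARD rules for a DMZ where every
# host sits alone on its own firewall interface. Assumed interface names
# and addresses; adjust to your layout.
EXT_IF=eth0   # assumed outside interface

# Rules for one DMZ host: $1 = its interface, $2 = its IP,
# $3 = space-separated TCP ports it publishes to the outside.
dmz_host_rules() {
    _if=$1; _ip=$2; _ports=$3
    # One host per NIC, so any other source address on it is spoofed.
    echo "iptables -A FORWARD -i $_if ! -s $_ip -j DROP"
    # New connections from outside, only to the published services.
    # Tied to EXT_IF, so internal LAN segments are not implicitly allowed.
    for _p in $_ports; do
        echo "iptables -A FORWARD -i $EXT_IF -o $_if -d $_ip -p tcp --dport $_p -m state --state NEW -j ACCEPT"
    done
    # Anything the DMZ host tries to start itself (to the outside or to
    # another DMZ NIC) is logged, then dropped with the rest.
    echo "iptables -A FORWARD -i $_if -s $_ip -m state --state NEW -j LOG --log-prefix \"DMZ-INIT $_if: \""
    echo "iptables -A FORWARD -i $_if -j DROP"
}

# Whole FORWARD policy: default deny, accept packets of already-accepted
# connections in either direction, then one block per DMZ host.
build_ruleset() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    dmz_host_rules eth1 192.0.2.10 "80 443"   # constructed web host
    dmz_host_rules eth2 192.0.2.11 "25"       # constructed mail host
}

# Prints the commands; apply as root with:  build_ruleset | sh
build_ruleset
```

Because the only ACCEPT for state NEW is on packets entering from EXT_IF, a compromised DMZ host cannot reach the outside or a neighbouring DMZ host on its own, and every attempt shows up in the kernel log with the DMZ-INIT prefix.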

