ipchains rules for dmz??
Does anyone have a set of ipchains rules for a DMZ that doesn't have
routable IPs and an internal network that doesn't have routable IPs?
I looked on the IPCHAINS HOWTO page, but they don't have a script for
this. I haven't seen anything with google either.
I'm looking for something like this:
Internet (bad) <---> firewall <---> dmz (192.168.9.*)
                         |
                         +----------> internal LAN (good) (10.177.9.*)
I would like:
bad --> good = nothing but NATed established traffic
bad --> dmz = port 80 to web box, port 25 to mail, port 53 ([tu]dp) to
DNS, ssh to web box
dmz --> good = nothing but NATed traffic
dmz --> bad = NATed traffic (allow all for now)
good --> bad = NATed traffic (allow all for now)
good --> dmz = same as bad --> dmz.
All of the scripts I've seen have DMZ as routeable. The biggest problem I
have is good --> dmz, because they're both private IP ranges. I
thought I could just pass them with something like:
ipchains -N good-dmz
ipchains -A forward -s $INTERNAL_NET -i $DMZ_INTERFACE -j good-dmz
ipchains -A good-dmz -j ACCEPT
(this terminology is from the IPCHAINS HOWTO)
Any suggestions? Any help?
Linux Users Group at UD mailing list
Archives : http://www.lug.udel.edu/pipermail/linux/
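An ipchains rule set for the topology in the post above, added here as an example; it is not from the original post or from the IPCHAINS HOWTO. Because the DMZ is not routable, ipchains alone cannot publish the web, mail and DNS boxes to the Internet: the example uses the 2.2-era ipmasqadm portfw tool for that, and the interface names (eth0/eth1/eth2), the DMZ host addresses and the public address 203.0.113.10 are assumptions. The good --> dmz path needs no NAT at all, since both ranges are private and the firewall simply routes between them; it only needs a filter, the same service list as bad --> dmz. By default the script prints the commands instead of running them, so it can be read and checked without root:

```shell
#!/bin/sh
# Added example, not code from the original post: an ipchains rule set for
# Internet <-> firewall <-> DMZ (192.168.9.0/24) plus internal LAN
# (10.177.9.0/24), both private. Inbound DMZ services use ipmasqadm portfw,
# since ipchains itself cannot rewrite destination addresses.
# Interface names, DMZ host addresses and the public address are assumed.
# By default the commands are only printed (dry run); to apply them:
#   IPCHAINS=ipchains IPMASQADM=ipmasqadm sh dmz-rules.sh

IPCHAINS=${IPCHAINS:-echo ipchains}
IPMASQADM=${IPMASQADM:-echo ipmasqadm}

EXT_IF=eth0                 # assumed: interface toward the Internet (bad)
DMZ_IF=eth1                 # assumed: interface toward the DMZ
INT_IF=eth2                 # assumed: interface toward the internal LAN (good)
EXT_IP=203.0.113.10         # assumed public address (documentation range)
DMZ_NET=192.168.9.0/24
INT_NET=10.177.9.0/24
WEB=192.168.9.10            # assumed DMZ hosts
MAIL=192.168.9.11
DNS=192.168.9.12

# The only services reachable in the DMZ, as "proto host port". Both
# bad->dmz and good->dmz use this same list, as the post asks.
dmz_services() {
    printf '%s\n' \
        "tcp $WEB 80" \
        "tcp $WEB 22" \
        "tcp $MAIL 25" \
        "tcp $DNS 53" \
        "udp $DNS 53"
}

# Build a user chain that accepts exactly the DMZ service list and logs and
# drops everything else. In ipchains the port follows the address: -d HOST PORT.
make_dmz_chain() {
    chain=$1
    $IPCHAINS -N "$chain"
    dmz_services | while read -r proto host port; do
        $IPCHAINS -A "$chain" -p "$proto" -d "$host" "$port" -j ACCEPT
    done
    $IPCHAINS -A "$chain" -j DENY -l
}

apply_rules() {
    $IPCHAINS -F
    $IPCHAINS -X
    $IPCHAINS -P forward DENY            # nothing crosses the box unless listed

    # Anti-spoofing: private source ranges must not arrive from the Internet,
    # and the LAN range must not appear on the DMZ wire (a DMZ host spoofing
    # 10.177.9.x is the obvious way to reach "good").
    $IPCHAINS -A input -i "$EXT_IF" -s "$INT_NET" -j DENY -l
    $IPCHAINS -A input -i "$EXT_IF" -s "$DMZ_NET" -j DENY -l
    $IPCHAINS -A input -i "$DMZ_IF" -s "$INT_NET" -j DENY -l

    make_dmz_chain to-dmz

    # In the forward chain -i is the interface the packet leaves by.
    # good -> bad and dmz -> bad: masquerade (allow all for now).
    $IPCHAINS -A forward -s "$INT_NET" -i "$EXT_IF" -j MASQ
    $IPCHAINS -A forward -s "$DMZ_NET" -i "$EXT_IF" -j MASQ
    # bad -> dmz (after portfw) and good -> dmz: same service filter, no NAT
    # between the two private ranges.
    $IPCHAINS -A forward -d "$DMZ_NET" -i "$DMZ_IF" -j to-dmz
    # dmz -> good: only replies to connections good opened (no new TCP SYNs,
    # and UDP only from the DNS server's port 53).
    $IPCHAINS -A forward -p tcp ! -y -s "$DMZ_NET" -d "$INT_NET" -i "$INT_IF" -j ACCEPT
    $IPCHAINS -A forward -p udp -s "$DNS" 53 -d "$INT_NET" -i "$INT_IF" -j ACCEPT
    # bad -> good never matches: replies to masqueraded connections are
    # demasqueraded by the kernel and skip the forward chain; anything else
    # hits the DENY policy.

    # Publish the DMZ services on the firewall's public address.
    $IPMASQADM portfw -f
    dmz_services | while read -r proto host port; do
        $IPMASQADM portfw -a -P "$proto" -L "$EXT_IP" "$port" -R "$host" "$port"
    done
}

apply_rules
```

Run it once in dry-run mode and read the output before applying; the service list is the single place to edit when a DMZ host or port changes, and it drives both the filter chain and the port forwards so they cannot drift apart.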