Re: iptables forwarding to inside firewall
On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote:
> [1] If you use the "3 legged firewall" setup, it is possible to
> distinguish DMZ traffic from other traffic based on which interface it is
> entering the firewall.
Just have two different NICs to two different non-routable
LANs; one is your private LAN, the other is for your public
services. Port redirect services into the public net
and firewall it so nothing can connect back out from it.
Then even if your MTA is hacked, all you've lost is the
machine on the public LAN. Your fw and private LAN are
still secure.
--
------------------------------------------------------
IN MY NAME: Dale Amon, CEO/MD
No Mushroom clouds over Islandone Society
London and New York. www.islandone.org
------------------------------------------------------
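The two-NIC layout described in this message, written out as an iptables-restore ruleset with a small audit check; this is an added example, not part of the original post. The interface names, subnets, mail host address and the choice of SMTP on port 25 are assumptions.

```shell
#!/bin/sh
# Added example. All names and addresses below are assumptions (constructed).
WAN_IF=eth0              # Internet-facing NIC
LAN_IF=eth1              # private LAN NIC
DMZ_IF=eth2              # public-services LAN NIC
LAN_NET=192.168.1.0/24   # private LAN subnet
MTA_IP=192.168.2.10      # mail host on the public-services LAN

# Print the ruleset in iptables-restore format; nothing is applied here.
# Dry run on a firewall host: dmz_ruleset | iptables-restore --test
dmz_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port-redirect inbound SMTP to the mail host on the public-services LAN.
-A PREROUTING -i $WAN_IF -p tcp --dport 25 -j DNAT --to-destination ${MTA_IP}:25
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Nothing may be initiated from the public-services LAN (explicit, before replies).
-A FORWARD -i $DMZ_IF -m conntrack --ctstate NEW,INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $MTA_IP --dport 25 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset on stdin: succeed only if no INPUT/FORWARD rule ACCEPTs
# traffic by naming the given NIC as its input interface.
dmz_isolated() {
    ! grep -E -- "^-A (INPUT|FORWARD) .*-i $1( .*)? -j ACCEPT" >/dev/null
}
```

Replies from the mail host still pass through the ESTABLISHED,RELATED rule; only new connections arriving on the public-services NIC are refused, both toward the Internet and toward the private LAN and the firewall itself.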