As far as I understand, you only need one legal IP, and that is for 
     your eth0. You should use illegal IPs for the DMZ and the internal 
     network. Then you will have to create a static route to the web server, 
     which is in the DMZ, since the external world only responds to eth0. I 
     have done this with Checkpoint FW-1. IP chains may have a different 
     implementation. 
     
     Amit Kaushal
     
     Deloitte & Touche LLP 


______________________________ Reply Separator _________________________________
Subject: IPCHAINS on Red Hat 6.2
Author:  [EMAIL PROTECTED] at Internet-USA
Date:    5/3/2000 3:02 PM


I am attempting to configure a firewall machine using Red Hat Linux 6.2 
ipchains. I am using the 3-NIC model with eth0 going to the Internet, eth1 
going to the DMZ and eth2 to the protected network.
     
Currently my network IP address is xxx.xxx.xxx.128 with a subnet mask of 
255.255.255.192. I assign the address of eth0 to be xxx.xxx.xxx.130 and 
eth1 to be xxx.xxx.xxx.131.
     
I assign the www server in the DMZ an IP of xxx.xxx.xxx.132, set the gateway 
to xxx.xxx.xxx.131, and it cannot ping to any machine other than itself.
     
The IPCHAINS rules on the firewall are all set to the default of ACCEPT.
     
If I set the IP of eth1 to 10.0.0.1 and www machine to 10.0.0.2 and put the 
correct ipchains rules to forward and masq there is no trouble and I can 
ping/access internal and external hosts.
     
Shouldn't I be using my "real" IP addresses in the DMZ machines?
     
Am I creating a routing problem when I use the same address space for eth0 
and eth1?
     
Any help is greatly appreciated.
     
Bill
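
An added example, not part of either message: it checks the posted interface layout for the eth0/eth1 overlap asked about above and works out one way to keep public addresses in the DMZ by halving the block. 192.0.2.128/26 is a constructed stand-in for the masked xxx.xxx.xxx.128 network, and all function names are illustrative.

```python
import ipaddress

# Constructed stand-in for the masked xxx.xxx.xxx.128 / 255.255.255.192
# network (192.0.2.0/24 is a documentation range).
BLOCK = ipaddress.ip_network("192.0.2.128/255.255.255.192")
AS_POSTED = {"eth0": "192.0.2.130/26", "eth1": "192.0.2.131/26"}


def overlapping_interfaces(ifaces):
    """Return interface pairs whose directly connected subnets overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def split_for_dmz(block, outside_addr):
    """Halve the block: the half holding eth0's address stays outside,
    the other half becomes a separately routed DMZ subnet."""
    halves = list(block.subnets(prefixlen_diff=1))
    addr = ipaddress.ip_address(outside_addr)
    outside = next(h for h in halves if addr in h)
    dmz = next(h for h in halves if h != outside)
    return outside, dmz


def must_renumber(dmz, hosts):
    """DMZ-side hosts whose current address is not inside the DMZ half."""
    return sorted(n for n, a in hosts.items()
                  if ipaddress.ip_address(a) not in dmz)


def dmz_layout(dmz):
    """First usable address for the firewall's eth1, second for the www host."""
    usable = iter(dmz.hosts())
    return {"eth1": f"{next(usable)}/{dmz.prefixlen}", "www": str(next(usable))}


if __name__ == "__main__":
    print("overlap as posted:", overlapping_interfaces(AS_POSTED))
    outside, dmz = split_for_dmz(BLOCK, "192.0.2.130")
    print("outside half:", outside, "| DMZ half:", dmz)
    print("must renumber:", must_renumber(
        dmz, {"eth1": "192.0.2.131", "www": "192.0.2.132"}))
    print("proposed DMZ addressing:", dmz_layout(dmz))
```

With this split the upstream router also needs a route for the DMZ half pointing at eth0's address, otherwise return traffic for the DMZ never reaches the firewall.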
     
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with 
"unsubscribe firewalls" in the body of the message.]