> [2] We are confused about usage of:
>
> INTERN_SERVERS
>
> Format is given:
>
> <protocol>_<extern-ip>_<extern-port>_<intern-ip>_<intern-port>
>
> Suppose that we want 192.168.0.250 ping-able by the world -- how ought
> this var be constructed?

INTERN_SERVERS creates port-forwarding rules.  I don't think you can
port-forward ICMP packets, so your example has no valid answer.  If,
however, you wanted to port-forward web requests, you would do something
like:

INTERN_SERVERS="tcp_<publicIP>_80_192.168.0.250_80"

> Or, by extern-ip, does this mean -- literally -- the external interface
> of the firewall?

Extern-IP is a public IP assigned to the firewall.  It could be the primary
(or only) IP, or an IP alias assigned to the main external interface.

> Is there a way to make NAT'ed, internal addresses accessible from the
> DMZ?

Yes, you port-forward them just like you would to get access from the
internet.  Be careful, however, as you're usually better off (from a
security standpoint) making connections from your internal net to the DMZ.
Any connections allowed from the DMZ (or internet) to your internal network
represent potential areas to exploit security holes in the programs
'listening' to those ports.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
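
A pre-flight check for INTERN_SERVERS entries in the format quoted above, as an added example that is not part of the original message and not LEAF code. The function names are hypothetical, accepting only tcp and udp as the protocol is an assumption, and 203.0.113.10 is a constructed stand-in for the firewall's public IP.

```sh
#!/bin/sh
# Added example, not LEAF code. Checks entries of the form
# <protocol>_<extern-ip>_<extern-port>_<intern-ip>_<intern-port>.
# Assumption: only tcp and udp are accepted as <protocol>.

valid_ipv4() {
    # Digits and dots only, no empty octets.
    case "$1" in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

check_intern_server() {
    set -f                       # no globbing while splitting the entry
    old_ifs=$IFS; IFS=_; set -- $1; IFS=$old_ifs
    set +f
    [ $# -eq 5 ] || { echo "expected 5 fields, got $#"; return 1; }
    case "$1" in
        tcp | udp) ;;
        *) echo "protocol '$1' is not tcp or udp"; return 1 ;;
    esac
    valid_ipv4 "$2" || { echo "bad extern-ip '$2'"; return 1; }
    valid_port "$3" || { echo "bad extern-port '$3'"; return 1; }
    valid_ipv4 "$4" || { echo "bad intern-ip '$4'"; return 1; }
    valid_port "$5" || { echo "bad intern-port '$5'"; return 1; }
    echo "ok: $1 $2:$3 -> $4:$5"
}

# Constructed sample: one web forward and one ICMP entry that is rejected.
INTERN_SERVERS="tcp_203.0.113.10_80_192.168.0.250_80 icmp_203.0.113.10_0_192.168.0.250_0"
for entry in $INTERN_SERVERS; do
    printf '%s: ' "$entry"
    check_intern_server "$entry" || true
done
```

An entry that still carries the `<publicIP>` placeholder fails the extern-ip check, which catches a template pasted in without the real address.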