Kjetil Næss wrote:
> Hi all,
> I've spent too many hours trying to solve a problem I now hope some kind
> person can help me with.
> I'm using the latest Dachstein CD version, 3 network cards as follows
>
> eth0=external (ip's 212.125.237.178, 180, 181,182)
> eth1=internal (ip's 192.168.1.0/24)
> eth2=DMZ (ip's 192.168.2.0/24)
>
> I want to allow a machine in the DMZ to connect to a specific machine in
> the internal net on a specific port, ie.

Kjetil, this idea violates the whole idea of using a DMZ. eth1, your internal net, should connect to both eth0, the external, and eth2, the DMZ. However, eth2 should never connect to the internal net. The DMZ routing is designed to do this...on purpose. If a server on your DMZ net is compromised and it has access to your internal net, then your internal net is at risk. The DMZ leverages the router to serve both your protected internal net that is being protected from the big bad Internet, and the router allows you to host servers who are at risk on the Internet--the DMZ.

It would be advisable for you to rethink your strategy. Perhaps you could describe it in more detail and others could help you enable your goals safely.

I hope this helps,
Greg Morgan

>
> machine 192.168.2.2 wants to connect to 192.168.1.250 on port 4711.
>
> I have no problem going from internal to external, or from internal to
> dmz (can connect to web-server on dmz). All attempts to have
> the machine in the dmz connect to the internal one fail. Some have
> mentioned to me that this will not be possible/allowed. True?
>
> At the moment, DMZ_SWITCH=PRIVATE. I've tried with YES/PROXY (what's the
> difference between these three?). I've also tried
> setting up rules for accepting traffic between these two machines to no
> avail. Telnet from 192.168.2.2 to 192.168.1.250 4711 fails,
> and nothing appears in the log. Could it be a routing problem? I've set
> default gateway on 192.168.2.2 to 192.168.2.254 which is the ip
> of eth2.
>
> Please help if you can.
>
> Kjetil Næss

<snip html..you only need to send text>

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
