Setup: I have a full Class C, which I've divided into 8 subnets (4 going to be used in the current configuration, more on the way as we move stuff in).
I want to have an iptables firewall sitting on the network directing traffic. I do not need masquerading for a private network done on this firewall. I merely want it to direct traffic between DMZs (Pub #1 = subnetwork for public network; DMZ #1 = subnetwork for Internet servers for www, mail, DNS; DMZ #2 = subnetwork with NAT/Proxy FW server to private network, which I know how to do; DMZ #3 = subnet for other stuff....). The main firewall dividing the network will be a Linux fw with iptables and kernel 2.4.13.

Now how do I set up the routing for this? Do I have to make entries into the routing table using the route command for this? Or will an iptables rule suffice? Like this one...

$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $DNS_IP --dport 53 -j DNAT --to-destination $DMZ_DNS_IP

The tutorial seems to say I'd need to alias the IP on the firewall's public facing NIC, but doesn't specify how (just add an eth0:1, eth0:2, eth0:3, right?). http://lug.irk.ru/misc/iptables-tutorial-1.0.6.html This tutorial has RFC1918 IPs for the DMZ servers, but substituting real IPs in should work, right?

I mostly understand the concepts of firewalls and packet filtering, I am just confused on this one specific point :)

- James
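An added example of the setup James describes (not from the post or the linked tutorial): with real IPs on the DMZ hosts and the whole Class C routed to the firewall's outside interface, the kernel routes between the directly connected subnets by itself and no DNAT or NIC aliasing is needed; iptables only decides what may cross in the FORWARD chain. Interface names, the 203.0.113.0/24 documentation block standing in for the real Class C, and the DNS server address are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from James's post. Assumed layout (placeholder addresses):
#   eth0 = upstream link, eth1 = Pub #1, eth2 = DMZ #1 (www/mail/DNS), eth3 = DMZ #2 (proxy/NAT box)
# The upstream router points 203.0.113.0/24 at eth0's address; connected routes for each /27
# appear automatically once the NICs are configured, so plain IP forwarding does the routing.
INET_IFACE=eth0
PUB_IFACE=eth1;  PUB_NET=203.0.113.0/27
DMZ1_IFACE=eth2; DMZ1_NET=203.0.113.32/27
DMZ2_IFACE=eth3; DMZ2_NET=203.0.113.64/27
DMZ1_DNS=203.0.113.34            # constructed address of the DNS server in DMZ #1

# With DRYRUN=1 the rules are printed instead of applied, so the policy can be reviewed first.
rule() { if [ "${DRYRUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi; }

enable_forwarding() { echo 1 > /proc/sys/net/ipv4/ip_forward; }

fw_rules() {
    rule -P FORWARD DROP                       # nothing crosses subnets unless allowed below
    rule -F FORWARD
    rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # anti-spoofing: packets entering from a subnet must carry a source address from that subnet
    rule -A FORWARD -i $PUB_IFACE  ! -s $PUB_NET  -j DROP
    rule -A FORWARD -i $DMZ1_IFACE ! -s $DMZ1_NET -j DROP
    rule -A FORWARD -i $DMZ2_IFACE ! -s $DMZ2_NET -j DROP
    # public services in DMZ #1, reachable from the Internet and from the other subnets
    rule -A FORWARD -o $DMZ1_IFACE -p tcp --dport 80 -j ACCEPT
    rule -A FORWARD -o $DMZ1_IFACE -p tcp --dport 25 -j ACCEPT
    rule -A FORWARD -o $DMZ1_IFACE -d $DMZ1_DNS -p udp --dport 53 -j ACCEPT
    rule -A FORWARD -o $DMZ1_IFACE -d $DMZ1_DNS -p tcp --dport 53 -j ACCEPT
    # DMZ #1 servers may open new connections outbound only (mail relay, zone transfers),
    # never into Pub #1 or DMZ #2, so a compromised public server cannot reach inward
    rule -A FORWARD -i $DMZ1_IFACE -o $INET_IFACE -m state --state NEW -j ACCEPT
    # Pub #1 hosts and the DMZ #2 proxy may reach the Internet
    rule -A FORWARD -i $PUB_IFACE  -o $INET_IFACE -j ACCEPT
    rule -A FORWARD -i $DMZ2_IFACE -o $INET_IFACE -j ACCEPT
    # log what falls through (rate limited) before the DROP policy discards it
    rule -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

if [ "${1:-}" = apply ]; then enable_forwarding; fw_rules; fi
```

Run with `DRYRUN=1 sh fw.sh apply` to review the generated rules, then without DRYRUN on the firewall; the `-m state` match is the conntrack interface available on 2.4 kernels.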
