Sorry if this message went out twice.....
Hi! I am trying to implement a DMZ on a FreeBSD firewall I am building. It
is using squid for transparent proxy, ipf for stateful packet forwarding,
and ipfw/dummynet for rate limiting. Everything was going well until I got
to the DMZ part.
I have (fake IP addresses) a registered class C subnet of 123.1.1.1, and am
setting the DMZ's network to 172.16.1.0. The web server in the DMZ has an IP
address of 172.16.1.2, and the interface on the firewall is fxp2,
172.16.1.1. I cannot seem to figure out for the life of me how to make
this work. My first guess was to set up ipnat as follows...

    map fxp2 from 0.0.0.0/0 to 123.1.1.2 -> 172.16.1.2

but when I would try to telnet to any open port or ping the web server on
the 123.1.1.2 IP address, nothing would go across the fxp2 interface (per
tcpdump). Next I tried to map a specific port, for instance...

    rdr fxp2 123.1.1.2 port 80 -> 172.16.1.2 port 80 tcp

Once again, nothing would go across fxp2. Am I going about this DMZ thing
in the wrong way?
Thank you very much for your help!
Mason