On Tue, Nov 10, 2009 at 1:39 PM, Girish Venkatachalam < [email protected]> wrote:
> > VoIP is hard. FTP is very hard. Only browsing is basic. Like Steve did, I also disagree about this being hard. Try using a utility like Shorewall and you will probably find this easier to set up. I'd urge you to learn the detail config by hand though. For H323, VoIP, SIP etc, make sure you've appropriate netfilter helper or ALG modules loaded. Generally speaking it is better to have the ftp box behind the NAT box. Look up 3 zone firewall examples (I can send you one if need be). Such servers are available on the DMZ zone which is a another LAN subnet in the private address space. Routing is done between the two LAN subnets via the gateway which will have 3 ethernet interfaces - one for the LAN, one for the Internet and one for the DMZ. Connections on ftp port on the Public IP for ftp is DNAT to the ftp server in the DMZ. -- Mohan Sundaram _______________________________________________ To unsubscribe, email [email protected] with "unsubscribe <password> <address>" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
