Hi Charles, hi mailing list members,

How can I configure a firewall on such a routed DMZ with the script in
the Eiger distribution?

I wonder if IP masquerading is at all required to achieve the same
level of security for the DMZ as provided for the internal network
that I do not have? What is the difference between masquerading and
filtering in this context?

I guess that the filtering that I am looking for is less complicated
than port forwarding.

After I got the Eiger distribution running with

IPFILTER_SWITCH=router

I have changed to

IPFILTER_SWITCH=firewall

and created one entry in

INTERN_SERVERS="tcp_a.b.c.d_80_tcp_a.b.c.d_80"

where a.b.c.d is a routable address in the DMZ.

But what do I have to do with

INTERN_NET
INTERN_IP
and
MASQ_SWITCH
?

Firewalling doesn't work for me yet.

What am I missing?


Many thanks,
Bernard
[EMAIL PROTECTED]

On Mon, 9 Jul 2001 11:23:50 -0500, you wrote:

[snip]
>It sounds like you're trying to make your life more complicated than it
>actually is.  Your network description seems to be for what I call a
>"routed" DMZ.  Your ISP assigns your firewall/router box an IP, and gives
>you a subnet of IP addresses they route to you.  The standard Materhorn/Eiger
>firewall scripts have supported this type of DMZ as long as I've worked with
>LRP.
[snip]


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
