Charles / All,

I'm trying some kind of thing with the DMZ=Private switch. For some reason, when the switch is set to PRIVATE, I get an error message from IPCHAINS. Dunno if my settings are incorrect, or there's a WRONG WORDING in the ipfilters for if DMZ = PRIVATE.

These are my DMZ settings:

###############################################################################
# DMZ setup (optional)
###############################################################################
# Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
DMZ_SWITCH=PRIVATE
DMZ_IF="eth3"
DMZ_NET=192.168.11.240/28
# DMZ switches for all flavors except PRIVATE
###############################################################################
# For NAT DMZ's:
# DMZ_NET, above is likely a private IP range...DMZ_SRC should encompass the
# public IP range being NAT'd to DMZ_NET. Any systems
DMZ_SRC=1.1.1.0/27
# For Proxy-Arp or NAT DMZ's only:
# For security, any IP's within the DMZ_NET (PROXY) or DMZ_SRC (NAT)
# specification, above, that are NOT remote systems reached via DMZ_IF must
# be listed here. This potentially includes IP's of this LRP system, your
# gateway, and systems connected to your external interface.
DMZ_EXT_ADDRS="$eth0_DEFAULT_GW $EXTERN_IP"
## Both of the following should be used together - ie if you turn on
## DMZ_HIGH_TCP_CONNECT - DO specify DMZ_CLOSED_DEST!
# Allows inbound connections to high tcp ports (>1023)
# You can also allow to specific machines using 1024: (or a smaller range)
# as the dest port range in DMZ_OPEN_DEST (RECOMMENDED)
DMZ_HIGH_TCP_CONNECT=NO
## 3306 MySQL, 6000 X, 2049 NFS, 7100 xfs
DMZ_CLOSED_DEST="tcp_${DMZ_NET}_6000:6004 tcp_${DMZ_NET}_7100"
# Inbound services to allow to the DMZ
# <protocol>_<destination IP/network>_<destination port or range>
DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
tcp_${DMZ_NET}_domain
icmp_${DMZ_NET}_:
tcp_1.1.2.13_www"
# PRIVATE DMZ switches
###############################################################################
# Services port-forwarded to the DMZ network
# Indexed list: "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]"
#DMZ_SERVER0="udp $EXTERN_IP domain 192.168.2.1 domain"
#DMZ_SERVER1="tcp $EXTERN_IP domain 192.168.2.1 domain"
DMZ_SERVER2="tcp 0.0.0.0 1723 192.168.11.241 1723"
DMZ_SERVER3="tcp 195.121.6.34 smtp 192.168.11.242 smtp"
DMZ_SERVER4="tcp 0.0.0.0 ftp 192.168.11.243 ftp"
# Allow all outbound traffic from DMZ (YES)
# or just traffic from port-forwarded servers (NO)
DMZ_OUTBOUND_ALL=YES

And this is the error message when I run svi network reload:

# svi network reload
Stopping Network:
Stopping interface: eth1
Stopping: Routes, IP filters, IP firewalling, IP Forwarding
Starting Network: [IP Always Defrag: ENABLED]
IP filters: Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
firewall [IP Forwarding: ENABLED]
Loopback interface: lo
Starting interface: eth1
Hostname: ibiza-gw02
Static NS: 4 hosts

Thanks
-------------------------------------------------------------
Reginald R. Richardson
[EMAIL PROTECTED] on 3/2/2002
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
