Beg my pardon if I jump into the middle of a thread, but the
subject leads me to a reflection.
You must very thoroughly define in the firewall UI the
different net segments, which is not done at the present time.
You must distinguish clearly:
* the external net (=Internet or the hardware router if any)
* the DMZ if any
* the local net(s) (private addresses)
* __the local machine__
The problem is important because for iptables the local
machine is a special one, and in most small networks this
very same machine is not only the gateway, but also the server.
Let me state that in a "normal" network organisation the web,
ftp, mail servers should go on the DMZ. In that case they
are identified by their interface name.
But many DSL users now have a gateway/router/server... and
little net expertise. In fact it's for _these_ people that
the firewall configuration must be the best designed (the
experienced users can write the iptables instructions
themselves).
So, define your vocabulary and explain...
For example, configuring postfix is extremely difficult
because the domain name is undefined. You have a local net
domain name (private IP), maybe (or maybe not) a public
domain name (dodin.org, for me) and don't know what the
gateway name is... what is the "hostname" of the gateway?
You are probably not aware of these problems (I beg they are
not problems for you :-), but for me they are and I have managed a
server for several years now :-(
thanks
jdd
--
http://www.dodin.net
http://dodin.org/galerie_photo_web/expo/index.html
http://lucien.dodin.net
http://fr.susewiki.org/index.php?title=Gérer_ses_photos
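
The zone distinction described in the message above, as an added example that is not part of the original post: a shell function that emits an iptables-restore ruleset in which services on the gateway itself are INPUT rules and services in the DMZ are FORWARD rules. The interface names (eth0, eth1, eth2), the function name gen_rules and the chosen ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print a ruleset that keeps the four zones apart.
# gen_rules EXT_IF DMZ_IF LAN_IF   (interface names are supplied by the caller)
gen_rules() {
    [ $# -eq 3 ] || { echo "usage: gen_rules EXT_IF DMZ_IF LAN_IF" >&2; return 1; }
    ext_if=$1 dmz_if=$2 lan_if=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# the local machine: packets addressed to the gateway itself use INPUT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport 22 -j ACCEPT
# a mail server running on the gateway is an INPUT rule, never FORWARD
-A INPUT -i $ext_if -p tcp --dport 25 -j ACCEPT
# routed traffic between zones uses FORWARD, matched by interface name
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $ext_if -j ACCEPT
-A FORWARD -i $lan_if -o $dmz_if -j ACCEPT
# servers placed in the DMZ are reached through the gateway
-A FORWARD -i $ext_if -o $dmz_if -p tcp -m multiport --dports 25,80 -j ACCEPT
COMMIT
EOF
}

# Sample invocation with assumed interface names: external, DMZ, local net.
gen_rules eth0 eth1 eth2
```

The output can be checked for syntax with `iptables-restore --test` before it is loaded. Nothing is forwarded from the external interface to the local net, because the FORWARD policy is DROP and no rule allows it.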