I have a firewall I have been working on. 3 NICs. I have real IP addresses
for the outside NIC, DMZ NIC, and servers in the DMZ. I used bridging to get
packets from the internet to the servers in the DMZ. Here is the problem.
Bridging seems to be at a lower level than packet filtering. I can't filter
anything coming IN to the DMZ, only out. It works, and stops everything, but
it is NOT the best setup at all!!! I am well aware of ways to attempt to
compromise the servers in the DMZ. A DoS or ping of death could work easily.
Any thoughts on how to go about fixing this, or have I doomed myself using
bridging?

Should I have virtually hosted the WEB and EMAIL server on the outside NIC
of the firewall, and ipportfwd them to DMZ machines on a 192.x.x.x network?

Redhat 6.2, latest Kernel, and latest patches for everything. Everything is
working, just not the best. Bridging in no way affects blocking packets to
the internal net.

*note to haxorz* The whole setup is not on this Domain, not in use yet, and
not even on the same set of IP addresses. Don't bother trying to find it :)

Chris 
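For readers weighing the second design the post asks about (public services on the outside NIC, port-forwarded into a DMZ on a private 192.x.x.x network), here is an added example of what that ruleset looks like with the Red Hat 6.2 era tools, ipchains for filtering and ipmasqadm portfw for the forwarding. It is not Chris's configuration or anything from the thread: the interface names, the 203.0.113.5 public address (documentation range) and the DMZ host addresses are assumptions, and the script prints the commands unless APPLY=1 is set, so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the original post. Rules for a DMZ behind port
# forwarding instead of bridging: default deny on every chain, spoofed private
# sources dropped on the outside NIC, and only the published services admitted.
# Interface names and addresses below are assumptions for illustration.

EXT_IF=eth0              # assumed: outside NIC
DMZ_IF=eth1              # assumed: DMZ NIC
EXT_IP=203.0.113.5       # assumed: the single public address published for web and mail
DMZ_NET=192.168.1.0/24   # assumed: private DMZ network
WEB=192.168.1.10         # assumed: DMZ web server
MAIL=192.168.1.20        # assumed: DMZ mail server

# emit: run the command when APPLY=1, otherwise print it for review (dry run).
emit() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# publish PROTO PORT DMZ_HOST: admit one service on the outside NIC and forward it
# to the DMZ host. Everything not listed this way never reaches the DMZ.
publish() {
  proto=$1; port=$2; dst=$3
  emit ipchains -A input -i "$EXT_IF" -p "$proto" -d "$EXT_IP" "$port" -j ACCEPT
  emit ipchains -A forward -i "$DMZ_IF" -p "$proto" -d "$dst" "$port" -j ACCEPT
  emit ipmasqadm portfw -a -P "$proto" -L "$EXT_IP" "$port" -R "$dst" "$port"
}

gen_rules() {
  emit sysctl -w net.ipv4.ip_forward=1
  emit ipchains -F
  emit ipmasqadm portfw -f
  # Default deny: unlike the bridge, nothing passes unless a rule below says so.
  emit ipchains -P input DENY
  emit ipchains -P forward DENY
  emit ipchains -P output ACCEPT
  # Packets claiming a DMZ source address but arriving from the internet are spoofed; log them.
  emit ipchains -A input -i "$EXT_IF" -s "$DMZ_NET" -j DENY -l
  # Traffic originating in the DMZ is accepted on its NIC and masqueraded behind EXT_IP.
  emit ipchains -A input -i "$DMZ_IF" -s "$DMZ_NET" -j ACCEPT
  emit ipchains -A forward -i "$EXT_IF" -s "$DMZ_NET" -j MASQ
  # Published services only.
  publish tcp 80 "$WEB"
  publish tcp 25 "$MAIL"
  # Log whatever else hits the outside NIC so probes show up in syslog.
  emit ipchains -A input -i "$EXT_IF" -j DENY -l
}

gen_rules
```

Run it as shown to review the rule list; `APPLY=1 sh dmz-rules.sh` as root applies it. The point relative to bridging is the `-P input DENY` default: inbound packets are judged by the filter before anything is forwarded, so the DMZ only ever sees the ports deliberately published.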
