Hi Chris,
> If each domain has its own IP address does that mean that I > will need to > bind those ip addresses to the internet interface on the > firewall? If so > can anyone explain how I can bind multiple ipaddress to 1 interface. Two options here, which may or may not be practical depending on your IP configuration... 1) Bind the addresses to the web servers and route to them. Use ipchains on the firewall for access control 2) Bind the addresses to the firewall and port forward relevant requests to the internal/DMZ web servers Option 1 is generally the best if its do-able. Option 2 can create mildly tricky issues if you want to see the real IP's of the web page requestors in your web logs. If you want option2, you'd use something like ifconfig eth0 main.ip.address.x network.mask.x.x ifconfig eth0:2 second.ip.address.x network.mask.x.x etc. You may need to enable aliasing in your kernel if not already enabled. > If if tell ipchains to only allow www,dns, and ssh on the internet > interface, will it allow connections aimed at any of the 4 ip > addresses > or will it only allow the first one bound to the interface? If you configure subinterfaces as above you will have multiple internet connections and can apply ipchains to each one. If you route, you can still do much the same. Cheers, Marty Netway Networks Pty Ltd (T) 8920 8877 (F) 8920 8866 -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
