pearsondan99
01-28-2003, 07:21 PM
Hi,
OK, I'm an IPtables newbie, enough said! Here's the problem:
I'm running Red Hat 7.3 with IPtables (out of the box, no patches applied YET). My internet connection (eth1) is via a cable modem running on Telstra Broadband Cable, and my internal connection runs to my home LAN. I installed the BPAlogin client and, with the help of a downloaded script, got my firewall up and running fine.
Now I want to add a DMZ with a web server in it, which from the netfilter site looks simple enough, but this has stumped me. I've played about with the SNAT and the DNAT but no joy; all I have achieved is connectivity between the internal LAN and the DMZ. Packets will go out from the DMZ to the internet but won't come back, so I am assuming it is a NAT issue? I've checked the routing table and it looks fine.
I've enclosed the firewall script and a Visio diagram of my setup. Any help would be appreciated. One last thing: is it possible to script the port mapping of the internet-facing interface (eth1), which receives its IP dynamically, to the web server? I've read that you can do it via interface (eth1) rather than IP address?
Thanks in advance
Dan Pearson