Hi everyone,
I have problems with my DMZ network. I'm using Linux with three
interfaces (eth0, eth1, eth2). eth0 is connected to my DSL modem, eth1 is for my
DMZ network, where it contains all my websites, and eth2 is my private network.
I'm using iptables. Below is my diagram:
                            |-----------|
DSL (Internet) eth0 --------| Firewall  |-------- eth2 (Private Network)
                            |-----|-----|
                                  |
                                  |
                            eth1 (DMZ network)
my current set-up:
eth0 : 203.164.168.30
gw: 203.164.168.29
mask: 255.255.255.252
eth1: 203.164.168.161 (also the gateway of the network)
mask:255.255.255.248
website 1: 203.164.168.163
website 2: 203.164.168.164
website 3: 203.164.168.165
I want to set-up my network like this:
eth0 : same IP
same gateway
same netmask
eth1 : 10.10.10.1
gw: 10.10.10.1
website1: 10.10.10.5
website2:10.10.10.6
website3:10.10.10.7
website1 public address is 203.164.168.163
website2 public address is 203.164.168.164
website3 public address is 203.164.168.165
So my iptables looks like this:

iptables --table nat -A PREROUTING -p tcp -d 203.164.168.163 --dport 80 -j DNAT --to-destination 10.10.10.5
iptables --table nat -A PREROUTING -p tcp -d 203.164.168.164 --dport 80 -j DNAT --to-destination 10.10.10.6
iptables --table nat -A PREROUTING -p tcp -d 203.164.168.165 --dport 80 -j DNAT --to-destination 10.10.10.7
So what I mean is that any request for 203.164.168.163 to 165 would pass through
my firewall and then, with my iptables set as such, it would be forwarded to my
webserver.
Does anybody know how to work this thing out? Is it possible? Please reply.
Thanks!
Rose
On Fri, 4 Oct 2002, Roselyn Calleja wrote:
> I have problems with my DMZ network. I'm using Linux with three interfaces (eth0, eth1, eth2). eth0 is connected to my DSL modem, eth1 is for my DMZ network, where it contains all my websites, and eth2 is my private network. I'm using iptables. Below is my diagram:
>
> eth0 : 203.164.168.30
> gw: 203.164.168.29
> mask: 255.255.255.252
>
> eth1: 203.164.168.161 (also the gateway of the network)
> mask: 255.255.255.248
> website 1: 203.164.168.163
> website 2: 203.164.168.164
> website 3: 203.164.168.165
>
> I want to set-up my network like this:
>
> eth1 : 10.10.10.1
> gw: 10.10.10.1
> website1: 10.10.10.5
> website2: 10.10.10.6
> website3: 10.10.10.7
> website1 public address is 203.164.168.163
> website2 public address is 203.164.168.164
> website3 public address is 203.164.168.165
> Does anybody know how to work this thing out? Is it possible? Please reply.

I'm very new to this list, but IMHO this list is for iproute2 and traffic conditioning. Your problem looks like a normal routing problem.

1. Why use private IPs if you have public IPs?
2. Is the first setup described above currently working?
   If not, you may need proxy-arp or to modify your arp cache.
   If yes, ip-aliasing will be your friend, and then you can use DNAT.
3. If you set up private IPs for security reasons, you had better use proxy services.
and so on ....

P.S. Can some list insider give me some rules for answering this kind of question: DROP, REJECT, FORWARD, ACCEPT? :)

greets,
Tami
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
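As an added example (not code from either message in this thread), here is a complete ruleset for the layout Rose describes: eth0 to the DSL link, eth1 the DMZ renumbered to 10.10.10.x, eth2 the private network. Rose's three DNAT rules only rewrite the destination; on their own they do nothing if the FORWARD policy is DROP, and they leave the web servers' own outbound traffic going out as 203.164.168.30. The script below adds the matching FORWARD accepts, per-server SNAT so each server keeps its public address, a default-deny forward policy with the DMZ unable to initiate into the LAN, and IP forwarding. It prints the rules instead of applying them so they can be reviewed first. Assumptions not stated in the thread: the DMZ is 10.10.10.0/24, the private LAN on eth2 is 192.168.1.0/24, and the ISP keeps routing 203.164.168.160/29 to 203.164.168.30 over the /30 link as it did when the /29 lived on eth1.

```shell
#!/bin/sh
# Added example for the LARTC thread above; not code from the original posts.
# Generates (does not apply) an iptables ruleset for a three-interface firewall:
#   eth0 = WAN (DSL), eth1 = DMZ (10.10.10.0/24), eth2 = private LAN.
# Assumptions (not in the thread): DMZ /24, LAN 192.168.1.0/24, and the ISP
# routes 203.164.168.160/29 to 203.164.168.30, so no alias is needed for DNAT.

WAN_IF=eth0; DMZ_IF=eth1; LAN_IF=eth2
WAN_IP=203.164.168.30
DMZ_NET=10.10.10.0/24      # assumption
LAN_NET=192.168.1.0/24     # assumption; the thread never gives the eth2 network

# "public DMZ" address pairs taken from the thread, one server per line
SERVERS="203.164.168.163 10.10.10.5
203.164.168.164 10.10.10.6
203.164.168.165 10.10.10.7"

# Rules for one published server: DNAT on the way in from the WAN only, a
# FORWARD accept for exactly that destination/port (the policy is DROP), and
# SNAT so the server's own outbound connections keep its public address.
server_rules() { # $1 = public IP, $2 = DMZ IP, $3 = TCP port
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -d %s --dport %s -j DNAT --to-destination %s\n' \
        "$WAN_IF" "$1" "$3" "$2"
    printf 'iptables -A FORWARD -i %s -o %s -p tcp -d %s --dport %s -m state --state NEW -j ACCEPT\n' \
        "$WAN_IF" "$DMZ_IF" "$2" "$3"
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j SNAT --to-source %s\n' \
        "$WAN_IF" "$2" "$1"
}

# The whole ruleset: base policy first, then one block per server.
build_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F FORWARD
iptables -t nat -F
iptables -P FORWARD DROP
# replies to anything already allowed, in either direction
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN may initiate to the Internet and to the DMZ; the DMZ never initiates into the LAN
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
# DMZ hosts may reach the Internet (DNS, updates); the LAN hides behind the firewall's address
iptables -A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
EOF
    printf '%s\n' "$SERVERS" | while read -r pub priv; do
        server_rules "$pub" "$priv" 80
    done
}

# How many generated lines match a pattern; handy for checking the set before applying it.
count_matching() { build_rules | grep -c -- "$1"; }

# Print the ruleset; on the firewall, `sh dmz-rules.sh | sh` applies it.
build_rules
```

Two points that the generated set does not cover: hosts on the private LAN that browse to 203.164.168.163 will not be redirected, because the DNAT rule is restricted to `-i eth0`; from inside, use the 10.10.10.x addresses or add a second DNAT rule for eth2 together with SNAT of the source. And if the ISP expects the /29 addresses to answer ARP on the eth0 segment instead of routing the block to 203.164.168.30, each public address has to be added to eth0 as an alias (`ip addr add 203.164.168.163/32 dev eth0`), which is the ip-aliasing Tami mentions.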