> that it uses Port forwarding (DNAT)
> but I do not want to use this
Not nessecary, you can also use ProxyARP (see documentation)
> I want to restrict which incoming IP''s can get to
> which ports on each of these servers.
with both DNAT and Proxyarp that''s no problem
> On the web servers I CANNOT change 3 of them from port 80
???
> What problems will I hit
None that I can think of :-)
Regards, Niels
-----Original Message-----
From: Denis Croombs [mailto:denis@imsltd.com]
Sent: 04 September 2002 17:59
To: Shorewall list
Subject: [Shorewall-users] 12 Public address''s in the DMZ
I am setting up a DMZ with 8 Web servers in my DMZ (all public
address''s) +
4 other systems, will Shorewall cope with this ? I note from the Three
interface manual that it uses Port forwarding (DNAT) but I do not want to
use this, I want to restrict which incoming IP''s can get to which ports
on
each of these servers. On the web servers I CANNOT change 3 of them from
port 80 (running on a Multiuser DOS based web server)
What problems will I hit
Many thanks
Denis Croombs
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.384 / Virus Database: 216 - Release Date: 21/08/2002
_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users