On 03/09/2012 12:13 PM, Wojtek wrote:
> Hello,
>
> My ISP allows me to place one of my computers (10.0.0.1) in a "DMZ", which means
> that all traffic directed to my public IP address (say 200.200.200.200) will be
> transparently forwarded to that machine.
> It does not handle the trusted LAN (10.0.0.0/24) it is part of, the NAT is done
> by the ADSL box. It is also not a true DMZ as the 10.0.0.1 computer does not
> own/manage the public IP.
>
> What would be the correct way to define zones on 10.0.0.1 in that case? I am
> looking at limiting the inbound traffic from Internet to a few ports, outbound
> open, inbound from the LAN open.
>
> I read the "Shorewall Setup Guide" but none of the setups seems to be aligned
> with my case.
> Thank you for any pointers!

http://www.shorewall.net/Multiple_Zones.html#Special shows this type of
setup. In that example, the special zone is a sub-zone of the 'loc' zone
but the technique is the same in any zone.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
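
The nested-zone technique referred to in the reply, applied to the single-interface host from the question. This is an added example, not part of the original thread or of the Shorewall documentation. The interface name eth0 and the opened ports (22, 443) are assumptions, and it assumes the ADSL box forwards Internet traffic without rewriting the source address into 10.0.0.0/24.

```conf
# Added example; eth0 and the port list are assumptions, not from the thread.

# /etc/shorewall/zones
# The parent zone must be declared before its sub-zone.
#ZONE     TYPE
fw        firewall
net       ipv4
loc:net   ipv4          # LAN is a sub-zone of net; its rules are evaluated first

# /etc/shorewall/interfaces
# The single NIC carries both LAN traffic and forwarded Internet traffic.
#ZONE     INTERFACE
net       eth0

# /etc/shorewall/hosts
# Packets with a LAN source address are carved out of net into loc.
# If the ADSL box source-NATs forwarded traffic to a 10.0.0.0/24 address,
# Internet traffic would match loc as well and this split gives no protection.
#ZONE     HOSTS
loc       eth0:10.0.0.0/24

# /etc/shorewall/policy
#SOURCE   DEST   POLICY   LOGLEVEL
$FW       all    ACCEPT            # outbound open
loc       $FW    ACCEPT            # inbound from the LAN open
net       $FW    DROP     info     # Internet: only what the rules file allows
all       all    REJECT   info     # catch-all, must stay last

# /etc/shorewall/rules
#ACTION   SOURCE   DEST   PROTO   DPORT
ACCEPT    net      $FW    tcp     22,443   # constructed port list
```

Running `shorewall check` validates the files before they are applied.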