Hi David,

 First thing to say is that I am not sure if you can set up a DMZ at all. This 
requires your ISP to route traffic for 123.45.67.90 over 123.45.67.89 (include 
this machine in their routing tables as the router for your "domain", 
resulting in an extra hop (123.45.67.89) being added for traffic for 
123.45.67.90), and if you didn't discuss this with them I don't think this is 
the case. This has been discussed on this list (or was it the install list?) 
not too long ago. Check the archives, if that works. The redhat-list archives 
can be searched at http://www.moongroup.com/old/redhat.php, the other redhat 
list should be searched at http://www.redhat.com/mailing-lists/, but that does 
not seem to work :(.
 You could try port forwarding traffic for 123.45.67.90. You'll have to set up 
this address as an alias on eth1 of your firewall.

> Assume that my ISP will route all traffic for the two static external IPs
> 123.45.67.89 and 123.45.67.90 to me. Now, the questions:
> 
> 1) Am I confused? Do I want eth2 in the firewall to have the external ".90"
> address, and eth0 in the DMZ gets some other address (like what...?)

 Since you probably have to set up port forwarding, this would be the case. No 
real DMZ this way though.

> 2) What are the netmasks for eth0 and eth2 in the firewall...just plain old
> 255.255.255.0?

 Since 123.45.67.89 & -90 are class B addresses this should be 255.255.0.0 ;). 
But since I assume these are not your real IP addresses, it depends.

> 3) What are the MINIMUM routing rules necessary in the firewall to get 
> traffic that is sourced from the internal net over to the DMZ box?

 The RedHat init scripts usually set up the routing tables fine. In home 
networking schemes you usually don't need more than a route to every interface 
(or in some cases you can use the adjacent network instead of the host 
address), plus a route to the networks behind these interfaces.

                                        Bye,

                                        Leonard.
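
The port-forwarding setup suggested in the reply above, sketched as an added example that is not part of the original message. It assumes iptables (the thread does not name a tool), and the DMZ-facing interface, the DMZ box's private address and the port list are constructed values. The function only prints commands, so the rule set can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example: every default below is an assumption, not a value
# confirmed by the thread (123.45.67.90 is the thread's own placeholder).
EXT_IF="${EXT_IF:-eth1}"              # external interface that gets the alias
EXT_IP="${EXT_IP:-123.45.67.90}"      # second public address
DMZ_IF="${DMZ_IF:-eth0}"              # interface facing the DMZ box (assumed)
DMZ_HOST="${DMZ_HOST:-192.168.2.10}"  # private address of the DMZ box (assumed)
TCP_PORTS="${TCP_PORTS:-80 443}"      # services meant to be public (assumed)

# Print the commands needed to forward selected TCP ports on EXT_IP to
# DMZ_HOST. Nothing is executed here; the output is meant to be reviewed.
forward_rules() {
    # Refuse anything that is not a plain port number in 1..65535, so a
    # bad value can never end up inside a generated command line.
    for port in $TCP_PORTS; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    # Alias on the external interface so the firewall answers for EXT_IP.
    echo "ip addr add $EXT_IP/32 dev $EXT_IF label $EXT_IF:0"
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies for connections that were already allowed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $TCP_PORTS; do
        # Rewrite the destination for this one port only.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport $port -j DNAT --to-destination $DMZ_HOST:$port"
        # Let the rewritten connection through the firewall.
        echo "iptables -A FORWARD -i $EXT_IF -o $DMZ_IF -d $DMZ_HOST -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else from outside aimed at the DMZ box is dropped.
    echo "iptables -A FORWARD -i $EXT_IF -d $DMZ_HOST -j DROP"
}

# Show the rule set for the defaults above.
forward_rules
```

Once the printed commands look right, `forward_rules | sh` run as root applies them.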



_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list