[Firewall] virtual interfaces on eth1

Boris Folgmann boris at folgmann.de
Wed Jun 13 05:54:21 MDT 2007


Hi,

> they are assigned respectively in eth0 and eth0:1
> I want to do:
> 200.62.XX.130:80>192.168.1.3:80
> 200.62.XX.146:80>192.168.1.5:80

Nice idea. But looking at firewall.conf of the current version I'm pretty 
sure that you can't do this with arno's at the moment. It's not possible, 
even if you use eth0 and eth1.

If you put in a rule like the above in a forward variable of firewall.conf, 
this means something different:

200.62.XX.130:80>192.168.1.3:80

Forward all connections originating from 200.62.XX.130 to port 80 of the 
firewall to 192.168.1.3:80. So 200.62.XX.130 would be the IP of the PC with 
the web browser.

To solve your problem, you need to use port 80 and port 81 for example.
To get rid of port 81, you need non-private IP addresses for your 2 DMZ 
webservers.

You could also use a reverse proxy on your firewall and use name-based vhosts.

cu,
	boris

-- 
Dipl.-Inf. Boris Folgmann   mailto:boris at folgmann.de
TeamForge GmbH              http://www.teamforge.de
-m-o-d-w-a-r-s-             http://www.modwars.de
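
The two readings of a rule such as 200.62.XX.130:80>192.168.1.3:80 discussed in the message above, written out in plain iptables terms. This is an added example, not part of the original post and not the rules arno's script itself generates; the function names are hypothetical and 203.0.113.130 / 203.0.113.146 are constructed stand-ins for the two public addresses. The commands are only printed, never applied.

```shell
#!/bin/sh
# Added example: prints iptables DNAT commands, applies nothing.
# Rule format assumed here: LEFT:LPORT>DEST:DPORT (as quoted in the post).

# Split a rule into LEFT, LPORT, DEST, DPORT; reject anything malformed.
split_rule() {
    rule=$1
    case $rule in
        *:*'>'*:*) ;;
        *) echo "bad rule: $rule" >&2; return 1 ;;
    esac
    left=${rule%%\>*}
    right=${rule#*\>}
    LEFT=${left%%:*};  LPORT=${left#*:}
    DEST=${right%%:*}; DPORT=${right#*:}
}

# Reading described in the post: LEFT is the client (source) address,
# so only connections coming FROM that host are forwarded.
dnat_by_source() {
    split_rule "$1" || return 1
    echo "iptables -t nat -A PREROUTING -p tcp -s $LEFT --dport $LPORT -j DNAT --to-destination $DEST:$DPORT"
}

# Reading the original poster wanted: LEFT is the public address the
# client connected TO (eth0 or eth0:1), so each address gets its own server.
dnat_by_destination() {
    split_rule "$1" || return 1
    echo "iptables -t nat -A PREROUTING -p tcp -d $LEFT --dport $LPORT -j DNAT --to-destination $DEST:$DPORT"
}

# Constructed sample rules, one per public address.
for r in '203.0.113.130:80>192.168.1.3:80' '203.0.113.146:80>192.168.1.5:80'; do
    echo "# rule: $r"
    echo "#   source match (what the post says the rule means):"
    dnat_by_source "$r"
    echo "#   destination match (what was intended):"
    dnat_by_destination "$r"
done
```

With the destination match, both servers can stay on port 80 because the rules differ in -d. A DNAT rule alone is not sufficient: the filter table's FORWARD chain must also accept the translated traffic.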


