[Firewall] virtual interfaces on eth1

Martin Garcia mgarcia at nettix.com.pe
Wed Jun 13 08:37:17 MDT 2007


Hey Boris:

Thanks for your reply.
I think this feature could be a "feature request" ;) not sure about Arno's thoughts.

On the other hand, since I replaced my old iptables script with Arno's firewall, is it
possible to put the old DNAT iptables rules in Arno's? In custom rules?

Let me know your thoughts


-- 
I am at your disposal for any questions or inquiries.

Sincerely

MARTIN GARCIA
Linux and network consultant
Nettix Peru
tel: +(511)9735-4848
<http://www.nettix.com.pe> 
mailto:mgarcia at nettix.com.pe


On Wed, 13 Jun 2007 13:54:21 +0200, Boris Folgmann wrote
> Hi,
> 
> > they are assigned respectively in eth0 and eth0:1
> > I want to do:
> > 200.62.XX.130:80>192.168.1.3:80
> > 200.62.XX.146:80>192.168.1.5:80
> 
> Nice idea. But looking at firewall.conf of the current version, I'm pretty 
> sure that you can't do this with arno's at the moment. It's not possible, 
> even if you use eth0 and eth1.
> 
> If you put in a rule like the above in a forward variable of firewall.conf, 
> this means something different:
> 
> 200.62.XX.130:80>192.168.1.3:80
> 
> Forward all connects originating from 200.62.XX.130 to port 80 of the 
> firewall to 192.168.1.3:80. So 200.62.XX.130 would be the IP of the PC with 
> the webbrowser.
> 
> To solve your problem, you need to use port 80 and port 81 for example.
> To get rid of port 81, you need non-private IP addresses for your 2 DMZ 
> webservers.
> 
> You could also use a reverse proxy on your firewall and use name-based vhosts.
> 
> cu,
> 	boris
> 
> -- 
> Dipl.-Inf. Boris Folgmann   mailto:boris at folgmann.de
> TeamForge GmbH              http://www.teamforge.de
> -m-o-d-w-a-r-s-             http://www.modwars.de







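The destination-based DNAT that the thread is asking for, written as plain iptables commands. This is an added example, not part of either message and not Arno's firewall configuration. Assumptions: the 203.0.113.x addresses are constructed stand-ins for the elided public IPs, `dnat_rules` is a hypothetical helper name, and an existing rule already accepts ESTABLISHED,RELATED traffic in FORWARD.

```shell
#!/bin/sh
# Added example (not from the thread): emit iptables commands that DNAT by
# destination address, so two public IPs on one interface can both use port 80.
# Addresses are constructed (documentation and private ranges), not the poster's.

# dnat_rules "PUBLIC_IP:PORT>PRIVATE_IP:PORT" ...
# Prints one nat/PREROUTING rule and one FORWARD rule per mapping.
# Returns 1 on the first malformed mapping.
dnat_rules() {
    for map in "$@"; do
        case "$map" in
            *:*">"*:*) ;;
            *) echo "bad mapping: $map" >&2; return 1 ;;
        esac
        pub=${map%%">"*};   priv=${map#*">"}
        pub_ip=${pub%%:*};  pub_port=${pub##*:}
        priv_ip=${priv%%:*}; priv_port=${priv##*:}
        # -d matches the address the client connected TO (the alias IP),
        # not the client's own source address.
        echo "iptables -t nat -A PREROUTING -d $pub_ip -p tcp --dport $pub_port -j DNAT --to-destination $priv_ip:$priv_port"
        # FORWARD sees the packet after DNAT, so it matches the rewritten
        # destination. Only new connections to that one port are opened here;
        # replies rely on the assumed ESTABLISHED,RELATED rule.
        echo "iptables -A FORWARD -d $priv_ip -p tcp --dport $priv_port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Print the rules for review; nothing is applied by this script.
dnat_rules "203.0.113.130:80>192.168.1.3:80" "203.0.113.146:80>192.168.1.5:80"
```

Because the match is on `-d`, both public addresses can forward port 80 to different DMZ hosts, which is the case the `firewall.conf` forward syntax discussed in the quoted reply does not express.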