Linux Demilitarized Zone (DMZ) Ethernet Interface Requirements and Configuration
http://www.cyberciti.biz/faq/linux-demilitarized-zone-howto/
by Vivek Gite on December 15, 2007 · 25 comments · last updated January 2, 2008

Q. Can you tell me more about a Linux demilitarized zone and the Ethernet interface card requirements for a typical DMZ implementation? How can a rule be set to route traffic to certain machines on a DMZ for HTTP or SMTP?

A. A demilitarized zone (DMZ) is a separate network segment that holds the servers you expose to the Internet, so that a compromise of one of those servers does not give the attacker a direct path into the internal network. You can build a DMZ easily with a Linux firewall. There are many ways to design a network with a DMZ; the basic method is a single Linux firewall with three Ethernet cards, one each for the Internet, the internal LAN and the DMZ. The following example describes such a setup and shows how to forward public traffic to the servers in the DMZ.
Sample DMZ Setup

Consider the following firewall host with three NICs:

[a] eth0, private IP address 192.168.1.1 - internal LAN with the desktop systems
[b] eth1, public IP address 202.54.1.1 - WAN, connected to the ISP router
[c] eth2, private IP address 192.168.2.1 - DMZ, connected to the mail, web, DNS and other servers
(Fig 01: A typical Linux based DMZ setup [ Image modified from Wikipedia article] )
Routing traffic between the public network and the DMZ servers

To route all incoming SMTP requests to a dedicated mail server at IP address 192.168.2.2, port 25, use destination NAT (DNAT) in the PREROUTING chain of the nat table: the packet's destination address is rewritten before the routing decision, so the kernel then forwards it to the DMZ host. Rules in the FORWARD chain decide what may pass between the LAN, the DMZ and the public interface. For example, all incoming mail traffic from the Internet arriving at 202.54.1.1 can be sent to the DMZ mail server 192.168.2.2 with the following iptables rules (assuming a default DROP policy on all chains and that packet forwarding is enabled with sysctl -w net.ipv4.ip_forward=1):

### end init firewall .. Start DMZ stuff ####
# forward traffic between DMZ and LAN
iptables -A FORWARD -i eth0 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# forward traffic between DMZ and WAN servers SMTP, Mail etc
iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Route incoming SMTP (port 25) traffic to DMZ server 192.168.2.2
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 202.54.1.1 --dport 25 -j DNAT --to-destination 192.168.2.2
# Route incoming HTTP (port 80) traffic to DMZ server load balancer IP 192.168.2.3
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 202.54.1.1 --dport 80 -j DNAT --to-destination 192.168.2.3
# Route incoming HTTPS (port 443) traffic to DMZ server reverse load balancer IP 192.168.2.4
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 202.54.1.1 --dport 443 -j DNAT --to-destination 192.168.2.4
### End DMZ .. Add other rules ###

Two things to note about these rules. The LAN-to-DMZ rule accepts NEW connections while the DMZ-to-LAN rule accepts only ESTABLISHED,RELATED, so a compromised DMZ host cannot open connections into the LAN; keep it that way. The DMZ-to-WAN rule likewise accepts only ESTABLISHED,RELATED, so DMZ hosts cannot initiate any connection to the Internet: a mail server that has to deliver outbound mail or resolve DNS names needs explicit NEW rules for those ports. Finally, the FORWARD chain sees the packet after DNAT, with the private DMZ address as destination, so a tighter WAN-to-DMZ rule would match -d 192.168.2.2 -p tcp --dport 25 instead of accepting every NEW connection from eth1 to eth2.
Where,
-i eth1 : WAN network interface
-d 202.54.1.1 : WAN public IP address
--dport 25 : SMTP traffic
-j DNAT : DNAT target, used to set the destination address of the packet with --to-destination
--to-destination 192.168.2.2 : mail server IP address (private IP)
Multi port redirection

You can also use the multiport iptables module to match a set of source or destination ports; up to 15 ports can be specified. For example, to route incoming HTTP (port 80) and HTTPS (port 443) traffic to the DMZ load balancer at IP 192.168.2.3:

iptables -t nat -A PREROUTING -p tcp -i eth1 -d 202.54.1.1 -m multiport --dports 80,443 -j DNAT --to-destination 192.168.2.3
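The rules above are fragments meant to be pasted into an existing firewall script. The following script is an added example, not code from the original article: it emits the complete ruleset for the three-NIC layout described above (eth0 LAN, eth1 WAN 202.54.1.1, eth2 DMZ, mail server 192.168.2.2, web load balancer 192.168.2.3) as an iptables-restore file, which loads atomically and can be reviewed or diffed before it is applied, and it covers both the single-port DNAT rules and the multiport variant. The INPUT rules, the source NAT for outbound LAN and DMZ traffic, the outbound SMTP/DNS allowances for the mail server and the logging rule are assumptions about a typical deployment, not something the article specifies.

```shell
#!/bin/sh
# Added example (not from the original article): build the complete
# three-NIC DMZ ruleset as an iptables-restore file and load it atomically.
# Interfaces and addresses are the article's; the INPUT rules, the source
# NAT for outbound traffic, the mail server's outbound SMTP/DNS and the
# logging rule are assumptions about a typical deployment.
LAN_IF=eth0; LAN_NET=192.168.1.0/24
WAN_IF=eth1; WAN_IP=202.54.1.1
DMZ_IF=eth2; DMZ_NET=192.168.2.0/24
MAIL=192.168.2.2   # SMTP server in the DMZ
WEB=192.168.2.3    # HTTP/HTTPS load balancer in the DMZ (multiport variant)

# Print the ruleset. Lines starting with # are ignored by iptables-restore.
generate_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Published services: DNAT only for packets arriving on the WAN interface
-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport 25 -j DNAT --to-destination $MAIL
-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp -m multiport --dports 80,443 -j DNAT --to-destination $WEB
# LAN and DMZ use private addresses, so their Internet traffic needs source NAT (assumption)
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
-A POSTROUTING -o $WAN_IF -s $DMZ_NET -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# WAN -> DMZ: only the published services. FORWARD sees the post-DNAT
# destination, so match the private DMZ addresses, not $WAN_IP.
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $MAIL -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $WEB -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# LAN may open connections to the Internet and to the DMZ; the DMZ may not
# open connections into the LAN (no $DMZ_IF -> $LAN_IF NEW rule at all)
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -m conntrack --ctstate NEW -j ACCEPT
# DMZ -> WAN: the article's rules allow nothing new here, so the mail server
# could neither deliver outbound mail nor resolve names; allow just that
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $MAIL -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD-DROP: " --log-level 4
COMMIT
EOF
}

# Enable routing between the interfaces and load the ruleset in one transaction.
apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    generate_ruleset | iptables-restore
}

case "${1:-}" in
    apply) apply_ruleset ;;
    *)     generate_ruleset ;;   # default: print, so the file can be reviewed first
esac
```

Run it without arguments to print the ruleset for review, and with apply to load it. Because the FORWARD chain works on the post-DNAT destination, the WAN-to-DMZ rules match the private addresses and ports instead of accepting any NEW connection from eth1 to eth2, and no rule lets the DMZ open connections into the LAN. LAN clients that reach the published services by the public address 202.54.1.1 are not covered; that needs an extra hairpin SNAT rule or split DNS.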
Pitfalls

The above design has a few pitfalls:
1. Single point of failure - the firewall becomes a single point of failure for the whole network.
2. Hardware - the firewall host must be able to handle all of the traffic going to the DMZ as well as to the internal network.
Linux / BSD Firewall Distros

If you find the above discussion a little hard to digest, I suggest getting a Linux / BSD distribution that aims to provide a simple-to-manage firewall appliance on PC hardware for setting up DMZs and gateways:
IPCop
Shorewall
pfSense (FreeBSD based)
Further readings:
Wes Sonnenreich. Building Linux And OpenBSD Firewalls. A step-by-step guide to building a commercial-grade firewall with open source software.
Eric Maiwald. Network Security: A Beginner's Guide, Second Edition. It gives a brief overview of most security related topics, perhaps one of the best books to start with.
Michael Rash. Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort. Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework built into the Linux kernel, and explains how they provide strong filtering, Network Address Translation (NAT), state tracking and application layer inspection capabilities that rival many commercial tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop.

Updated for accuracy.
25 comments

George, January 2, 2008 at 4:09 pm:
I want to add that there's a mistake in the iptables rules:
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 202.54.1.1 --dport 25 -j DNAT --to-destination 192.168.2.2
The problem is coming from -i eth2; the correct way is -i eth1, because we want packets coming from the Internet to be redirected to the DMZ.

vivek, January 2, 2008 at 4:21 pm:
George, thanks for the heads up.

Sathish, August 1, 2008 at 8:35 am:
Hi, I have configured the DMZ mentioned in the above article. The routing concept is working fine, whereas if I access the web page from my LAN/other networks (e.g. www.xyz.com or http://xyz.com), it shows the Apache test page and the domain related page is not working. What may be the problem? Please help me out. Thanks, Sathish

vivek, August 1, 2008 at 9:09 am:
You need to configure Apache properly.

mirza, August 5, 2008 at 2:38 am:
After George's correction, is the script already updated?

vivek, August 5, 2008 at 5:41 am:
mirza, yes, it was updated after George's correction.

umesh, October 7, 2008 at 6:09 pm:
Hi, I have 8 public IPs and want to configure FreeBSD as router and firewall, and also want to use all 8 public IPs for my servers. Can you please suggest how to do this? I am very confused. Please help.

Gerald Sagoonick, January 19, 2009 at 8:54 pm:
Nice one

satya, February 27, 2009 at 7:32 am:
I tried with 2 network cards to set up a gateway server on Ubuntu 8.10 LTS; it's not working. Are there any tips to troubleshoot?

Vivek Gite, February 27, 2009 at 7:51 am:
A DMZ needs 3 network cards.

Nepguy, February 27, 2009 at 9:00 am:
Hey, great stuff! But I have a little different case and wonder if you could help me. I want to put a server (mail and proxy) in the same machine and, instead of assigning a private IP to the server in the DMZ, I want to assign a public IP. So can you please help me out with the iptables and routing in the Linux server having 3 NICs? Thanks in advance.

Vivek Gite, February 27, 2009 at 11:09 am:
The rules remain the same; replace the private IP with the public one.

Nepguy, March 2, 2009 at 9:48 am:
Isn't any NATing required here?

satya, March 19, 2009 at 6:32 am:
I have 3 network cards: 1. public IP, 2. 192.168.0.0 - servers, 3. 192.168.1.0 - LAN. I tried setting it up as a router to allow internet access on the LAN; it didn't work. Can you help me out?

V.Balaviswanathan, April 29, 2009 at 2:32 pm:
How to use iptables on Debian or Ubuntu systems? You use the ufw utility as a firewall, so how can one use that to forward or deny IP packets? Please help me.

yshri, June 4, 2009 at 8:34 am:
Hey, great article. Very informative and it helped me a lot. But in my case, I found it risky and don't want to use 3 interfaces on the same machine. Instead, I want to configure two firewall machines, one in front of the DMZ and the other in front of the local LAN. Could you please explore in a little depth the configuration and setup required for this? A diagram would be of great help to me. Thanks a lot.

PG, June 16, 2009 at 10:32 am:
Do these iptables rules share the internet with the local LANs? I want to implement something like this:
INTERNET -- (pub ip) LINUX ROUTER (pvt ip) -- PROXY/MAIL SVR
                          |
                         LAN
How will the iptables rules change if I want to direct the LAN internet access through the proxy server? Thanks in advance. Prakash

PG, June 16, 2009 at 10:41 am:
Hey, in the earlier post, the LAN actually connects to one other NIC of the Linux router.

Sachin, March 13, 2010 at 7:29 pm:
My network setup: I have 3 network cards in a CentOS firewall machine connected to an ADSL router.
1) Public IP 59.181.x.x, which is NATed on the router to 192.168.1.1
2) eth0 (external interface), which has IP address 192.168.1.5 and gateway 192.168.1.1; in ifcfg-eth0 I have the entry GATEWAY=192.168.1.1
3) eth1 (LAN network), which has IP address 192.168.2.1 and is connected to switch1; in ifcfg-eth1 I have not mentioned any GATEWAY
4) eth2 (DMZ), which has IP address 192.168.0.50 and is connected to switch2; in ifcfg-eth2 I have not mentioned any GATEWAY
5) The web server is connected in the DMZ network and has IP address 192.16.0.51 (another CentOS machine)
My problem: I am able to ssh from the firewall machine to 192.168.0.51 and vice versa. Also I am able to ping 192.168.1.5 from 192.168.0.51, BUT I am not able to ping 192.168.1.1, which is the gateway of 192.168.1.5. I want my machine 192.168.0.51 to access the outside network (internet), i.e. it should ping 59.181.x.x. Can someone suggest a solution for this problem?

sparc86, May 8, 2010 at 9:07 pm:
@Sachin, could you show us your firewall script and your routing table?

Mike, December 1, 2010 at 4:34 pm:
Why would you want to include these rules:
iptables -A FORWARD -i eth0 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Since eth2 is on the DMZ, wouldn't you want to completely separate it from the LAN?

André Ricardo, March 5, 2011 at 3:54 pm:
Great!

Akhim, March 23, 2011 at 1:43 am:
Great article Vivek Gite!

A.Jesin, April 22, 2011 at 8:02 am:
Someone please help me, I'm struggling to get port forwarding working. I have 2 machines:
System 1, with 2 Ethernet ports: eth1 public (IP 192.168.56.2), eth0 connected to system 2 (192.168.0.240).
System 2, with 1 Ethernet port: eth0 connected to system 1 (192.168.0.201), running a web server on port 80.
On system 1 I've set the following rule:
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 192.168.56.2 --dport 80 -j DNAT --to-destination 192.168.0.201
but it doesn't work at all when I access http://192.168.56.2/. But http://192.168.0.201/ works, indicating that port 80 is open on system 2.

origama, June 19, 2012 at 2:18 pm:
Hi, nice article, like every reading from this blog. I just want to suggest another distro: Zeroshell. OK, I am a little bit of a patriot (it's an Italian distro) but I have been using Zeroshell for a year now and I find it really simple and effective.
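George's erratum (a DNAT rule bound to the DMZ interface instead of the WAN one) and Mike's objection (a FORWARD rule that lets DMZ hosts open connections into the LAN) are both mistakes that a review of the saved ruleset can catch mechanically. The following script is an added example, not part of the article or of the comments: it lints an iptables-save dump for those two conditions. The sample dump is constructed for the demonstration and reproduces both mistakes; the interface names follow the article.

```shell
#!/bin/sh
# Added example (not from the article or its comments): lint an
# iptables-save dump for two DMZ mistakes raised on this page.
#   1. A DNAT rule in PREROUTING that is not bound to the WAN interface
#      (George's erratum; a rule with no -i at all is flagged too, since it
#      would also rewrite LAN and DMZ traffic).
#   2. A FORWARD rule that lets DMZ hosts open NEW connections into the LAN
#      (Mike's objection).
# Interface names follow the article.
LAN_IF=eth0
WAN_IF=eth1
DMZ_IF=eth2

# Constructed sample dump containing both mistakes, plus one correct DNAT rule.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth2 -d 202.54.1.1 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.2.2
-A PREROUTING -i eth1 -d 202.54.1.1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.3
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth2 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# $1: dump text. Prints DNAT rules not restricted to the WAN interface.
dnat_not_on_wan() {
    printf '%s\n' "$1" | grep -- '^-A PREROUTING .*-j DNAT' | grep -v -- "-i $WAN_IF " || true
}

# $1: dump text. Prints FORWARD rules that accept NEW from DMZ to LAN
# (both the state and the conntrack match syntax are recognised).
dmz_to_lan_new() {
    printf '%s\n' "$1" | grep -- "^-A FORWARD -i $DMZ_IF -o $LAN_IF " \
        | grep -E -- '--(state|ctstate) [^ ]*NEW' || true
}

# $1: dump text. Reports findings; exit status 1 if any, 0 if clean.
audit() {
    rc=0
    bad=$(dnat_not_on_wan "$1")
    if [ -n "$bad" ]; then
        printf 'DNAT not restricted to %s:\n%s\n' "$WAN_IF" "$bad"
        rc=1
    fi
    bad=$(dmz_to_lan_new "$1")
    if [ -n "$bad" ]; then
        printf 'DMZ may open connections into the LAN:\n%s\n' "$bad"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: no DMZ pitfalls found"
    return "$rc"
}

# Usage: iptables-save | sh dmz-lint.sh -     (lint the live ruleset)
#        sh dmz-lint.sh                      (lint the built-in sample)
case "${1:-}" in
    -) audit "$(cat)" ;;
    *) audit "$SAMPLE_RULES" || echo "lint exit status: $?" ;;
esac
```

Piping the live ruleset through the script after every change gives a cheap regression check for exactly the two regressions this thread reports. The second check matches only NEW in the state list on purpose: a DMZ-to-LAN rule limited to ESTABLISHED,RELATED, as in the article, is the intended reply path and is not flagged.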
©2006-2012 nixCraft. All rights reserved.