About Firewall configuration
edwardspl at ita.org.mo
Tue Apr 3 00:01:11 UTC 2007
aragonx at dcsnow.com wrote:
>>Dear All,
>>
>>I want to know: MUST the server machine be BEHIND the Linux firewall /
>>router machine before it can be assigned (use) a PRIVATE IP instead of
>>a PUBLIC IP?
>>
>>
>
>I am not sure I understand the question.
>
>If you are asking:
>
>If a machine has to be behind a NATed firewall before you can assign a
>private IP address, the answer is yes and no. If you want
>several machines to have access to the Internet and only one IP, then you
>would need to use Network Address Translation. Then you could use one of
>the private IP address ranges for all of the machines on your internal
>network while only having a single box directly exposed to the Internet.
>This is not the same as a true firewall though because it really doesn't
>HAVE to block any traffic. So the box would really be just a router.
>
>In cases like this, I have found it best to have two NICs in the box that
>has Internet access. That way, you can use one NIC for external and one
>NIC for internal traffic.
>
>Here is a simple script that I think would work.
>
>
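>IPTABLES=/sbin/iptables
>EXTIF="eth0"   # Internet-facing NIC
>INTIF="eth1"   # internal NIC
># Rewrite the source address of traffic leaving the external interface
>$IPTABLES --table nat --append POSTROUTING --out-interface $EXTIF -j MASQUERADE
># Forward everything arriving on the internal interface
>$IPTABLES --append FORWARD --in-interface $INTIF -j ACCEPT
># Enable IPv4 routing in the kernel
>echo "1" > /proc/sys/net/ipv4/ip_forward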
>
>
Hello,
If all of the servers are NOT DMZ, then can they be assigned (use) private
IPs?
Edward.
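
The quoted script masquerades but, as its author says, does not have to block anything. The following is an added example, not part of either message: it prints an iptables-restore ruleset that keeps the same MASQUERADE rule, sets the FORWARD policy to DROP, and goes beyond the thread by optionally publishing one TCP port of a server that has a private address. The names emit_ruleset, is_private, SERVER_IP and PORT are assumptions; EXTIF and INTIF follow the quoted script.

```shell
#!/bin/sh
# Added example, not from the thread. emit_ruleset, is_private, SERVER_IP and
# PORT are hypothetical names; EXTIF/INTIF follow the quoted script.

# True if $1 starts with an RFC 1918 private prefix (prefix check only).
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: emit_ruleset EXTIF INTIF [SERVER_IP PORT]
emit_ruleset() {
    extif=$1 intif=$2 srv=$3 port=$4
    if [ -z "$extif" ] || [ -z "$intif" ] || [ "$extif" = "$intif" ]; then
        echo "need two different interfaces" >&2; return 1
    fi
    if [ -n "$srv" ]; then
        is_private "$srv" || { echo "$srv is not a private address" >&2; return 1; }
        case "$port" in ''|*[!0-9]*) echo "port must be digits" >&2; return 1 ;; esac
    fi
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Publish one TCP port of the private-address server on the external side.
    if [ -n "$srv" ]; then echo "-A PREROUTING -i $extif -p tcp --dport $port -j DNAT --to-destination $srv:$port"; fi
    # Same masquerade rule as the quoted script.
    echo "-A POSTROUTING -o $extif -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    # INPUT/OUTPUT stay at ACCEPT, which the quoted script does not change.
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies to connections that were already allowed.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $intif -o $extif -j ACCEPT"
    # New inbound connections only to the published server port.
    if [ -n "$srv" ]; then echo "-A FORWARD -i $extif -o $intif -p tcp -d $srv --dport $port -m conntrack --ctstate NEW -j ACCEPT"; fi
    echo "COMMIT"
}
```

The output can be piped to iptables-restore as root, which replaces the current contents of the nat and filter tables; ip_forward still has to be enabled as in the quoted script.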
More information about the fedora-list mailing list