Re: [suse-security] Web server behind firewall
That would be more secure. That is the DMZ examples which are listed in the samples and documentation. It should be just as easy. Marc has done a very good job with SuSE
firewall2.
Jim
11/11/01 04:06:30 PM, Scheme Loh
--- James Bliss
wrote: Look at Scenarios 5 and 6 in the EXAMPLES file (in a normal install this is /usr/share/doc/packages/SuSEfirewall2).
Good luck, you should be able to do this fairly easily.
Jim
Was very easy. Too easy perhaps?
Here's my setup:
SuSE 7.2 minimal install with: SuSEfirewall2 iptables
eth0 to the world eth1 to internal
I have about a dozen computers on my internal network. 192.168.1.x
I put the webserver (w2k running IIS/CF/Generator2) at 192.168.1.90
I edited FW_FORWARD_MASQ to include:
0/0.192.168.1.90,tcp,80
Poof, the webserver can be seen from the internet at large.
I'm a graphics/video guy, but my heart of hearts tells me that this is not the optimal set-up- to have my web server on the same network as my internal computers.
My idea is to add a third ethernet card (eth2) and have it on another network 10.0.0.x. Then change FW_FORWARD_MASQ to go to 10.0.0.x and leave my 192.168.1.x network the way it is now.
In a nutshell, what is a DMZ?
Thanks everyone!
===== Daniel Woodard
__________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (1)
-
James Bliss