Hello there,
I read the FAQ but you didn't answer my question... What IP/settings do I give the DMZ Ethernet card on my firewall box? So eth0 is the IP x.x.x.67, my mailserver is currently x.x.x.66 ... and this .66 needs to connect to the DMZ Ethernet card eth1.... So my question still is: what do you need to set on eth1 if you want to use section 13 with SuSEfirewall2 if you have public IP boxes on your DMZ Ethernet...
Does iptables translate the addresses, or does susefw2 reroute packets to the DMZ Ethernet no matter what I set? How is this all working.. this is my question.. I read the FAQs but they didn't explain what to set for the DMZ interface when using public IPs from the same subnet on the external eth0 and the DMZ eth1...
thanks again,
andy
---- Original Message -----
From: "Togan Muftuoglu"
* Andreas Bittner;
on 19 Aug, 2002 wrote: subject: how can i have public IPs in the DMZ with SuSEfirewall2
German text follows below ----------------
Hello all,
I have been searching around quite a while and couldn't find a solution.
I have 8 public IP addresses from our internet service provider (netmask is 255.255.255.248).
I have a SuSE 8 Linux box with 3 Ethernet network cards. eth0 is external, connected directly with a crossover cable to the router of the ISP. eth1 is the DMZ Ethernet card. eth2 is the internal network, should be 192.168.200.x with netmask 255.255.255.0 ... something like that..
Now I have read in the SuSEfirewall2 config file in section 13 that SuSEfirewall2 supports public IPs in the DMZ zone.. even the EXAMPLE file is talking about a scenario with a webserver with ports 80 and 443 running with public IP 200.200.200.200 in the DMZ... In my case I want to run a mailserver in the DMZ with a public IP, and it only needs port 25 to the internet, and it's getting mails only from specific hosts on the internet. So it's not included in an MX record anywhere but gets mails from a virus detection/mail scanning company's mailservers there...
From the SuSEfirewall2 FAQ, it should give you a start:

Q: I have set a web server in my DMZ. How do I configure SuSEfirewall2 to let people on the internet access my pages?
A: Same principle as above. Let's say your web server has got an official IP address of 1.1.1.1 which you received from your ISP. You would just configure FW_FORWARD_TCP like this:
FW_FORWARD="0/0,1.1.1.1,tcp,80"

HTH
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
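Added example, not part of the thread or of SuSEfirewall2: the FAQ answer quoted above uses 0/0 as the source, while the original question wants port 25 reachable only from specific hosts. This Python check parses an FW_FORWARD value and reports entries that open a DMZ server's port to any other source; the entry layout (space-separated entries of source,destination,protocol,port, with the last two optional), the function names and the documentation-range addresses are assumptions made for the example.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class ForwardRule(NamedTuple):
    raw: str
    source: ipaddress.IPv4Network
    dest: ipaddress.IPv4Network
    proto: Optional[str]   # None means every protocol
    port: Optional[str]    # None means every port


def _net(text: str) -> ipaddress.IPv4Network:
    # The FAQ writes "any source" as 0/0, which ipaddress rejects as written.
    return ipaddress.ip_network("0.0.0.0/0" if text == "0/0" else text, strict=False)


def parse_fw_forward(value: str) -> List[ForwardRule]:
    """Split an FW_FORWARD string into rules (assumed layout, see lead-in)."""
    rules = []
    for entry in value.split():
        parts = entry.split(",")
        if not 2 <= len(parts) <= 4:
            raise ValueError(f"malformed FW_FORWARD entry: {entry!r}")
        proto = parts[2].lower() if len(parts) > 2 else None
        port = parts[3] if len(parts) > 3 else None
        rules.append(ForwardRule(entry, _net(parts[0]), _net(parts[1]), proto, port))
    return rules


def overexposed(value, server, port, allowed_sources):
    """Entries that open server:port (TCP) to sources outside allowed_sources."""
    host = ipaddress.ip_address(server)
    allowed = [ipaddress.ip_network(a) for a in allowed_sources]
    hits = []
    for rule in parse_fw_forward(value):
        # Only single numeric ports are compared; a missing field means "all".
        covers = (host in rule.dest and rule.proto in (None, "tcp")
                  and rule.port in (None, str(port)))
        if covers and not any(rule.source.subnet_of(a) for a in allowed):
            hits.append(rule.raw)
    return hits


# Constructed sample: documentation addresses, not values from the thread.
SAMPLE = ("0/0,203.0.113.66,tcp,25 "
          "198.51.100.10,203.0.113.66,tcp,25 "
          "0/0,203.0.113.65,tcp,80")

if __name__ == "__main__":
    print(overexposed(SAMPLE, "203.0.113.66", 25, ["198.51.100.10/32"]))
```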