2 Jul
2004
2 Jul
'04
15:44
Quoting Mike Branda
O.K. I'm about to give up. I've been messing with the setup for SuSEfirewall2 which is apparently a niced up front end to IPTABLES. I'm trying to get a DMZ up so when I have to fix something on our renderfarm at 3 AM I can do it from home through ssh. [snip]
I don't quite understand why you're setting up a DMZ. There is a much simpler way of accomplishing this: FW_SERVICES_EXT_TCP="ssh" This will allow you to ssh into the firewall box from the internet. From there, you can then ssh into whichever internal IP address that needs fixing. It's far safer than opening up a DMZ to any of your internal machines...