Thanks --- Jörn_Ott <suse-security@ott-service.de> a écrit : > Hi Frédéric,
I read that FW_FORWARD_MASQ don't be used for security reason. How i can create a DMZ without using FW_FORWARD_MASQ but visible from internet ?
Usually you should have a block of real IP adresses for your DMZ. Then your firewall should be configured as router to pass any request to one of those adresses on to the machines in the DMZ.
If you don't have that option, you must fwd/masq to reach the DMZ or use programs like rinetd to forward connections to the firewall automagically to a machine in the DMZ (or internal network). Both are possible security risks.
cya Jörn
___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
participants (1)
-
Frédéric Poulet