Date: Fri, 15 Dec 2000 21:18:31 +0000
From: Lee
With the ADSL package I will be assigned 13 IP addresses. I need to segregate one section of the network for the LAN (using NAT and to firewall it off), and another section for the 'DMZ', where 95% of the IP addresses will be used to run various net facing servers.

Lee
JPC> I am assuming that your topography looks something like:
JPC>
JPC>   |---------------|                    |---------------|
JPC>   |               |(ethernet1)         |               |
JPC>   |      DMZ      |\                   |   Internet    |
JPC>   |               | \               /  |               |
JPC>   |---------------|  \             /   |---------------|
JPC>                       \           /ADSL        |
JPC>                        \         /             |
JPC>                          SuSE6.4               |ADSL
JPC>                          Firewall              |
JPC>                        /         \             |
JPC>   |---------------|   /           \    |---------------|
JPC>   |               |  /             \   |  Server Farm  |
JPC>   |      LAN      | /               \  |---------------|
JPC>   |               |(ethernet2)     (ethernet3)
JPC>   |---------------|
JPC>
JPC> You'll need 4 NICs in your firewall as follows
JPC> You'll want to use NAT for your DMZ.
JPC> You'll just want to firewall your LAN.
JPC> You'll want a bridge to your Servers. (Not necessary, but keeps internal
JPC> traffic internal).
JPC> All default traffic hits the ADSL link.
JPC>
JPC> If you are using IPCHAINS, you'll want to do something like:

bash>>ipchains -P input ACCEPT
bash>>ipchains -P output ACCEPT
bash>>ipchains -P forward DENY
bash>>ipchains -A forward -b -s DMZ -j MASQ
bash>>ipchains -A forward -b -s LAN -j ACCEPT

JPC> You'll need to set up some routing prior to doing these rules. These rules
JPC> are very loose and are not the best settings as far as securing things.
JPC> Hopefully this will get you started and you'll be able to tighten things
JPC> as you learn.
JPC>
JPC> Good Luck.
JPC>
JPC> =========== ===========
JPC> Jonathan Paul Cowherd
JPC> jpcowh01@slug.louisville.edu
JPC> http://www.slug.louisville.edu/~jpcowh01
JPC> This is my world and I am... World Leader Pretend
JPC> =========== ===========
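
One way to tighten the forward chain for the layout Lee describes (LAN masqueraded, DMZ hosts on routed public addresses), as an added example that is not part of either e-mail. The script only prints ipchains commands and runs none of them; the interface names, address ranges and service list are assumed placeholders.

```shell
#!/bin/sh
# Added example: prints a scoped ipchains forward-chain ruleset (dry run only).
# Every interface name, network and service below is a constructed placeholder.
EXT_IF="eth0"                 # assumed: interface facing the ADSL link
DMZ_IF="eth1"                 # assumed: interface facing the DMZ
LAN_NET="192.168.1.0/24"      # assumed: private LAN range to masquerade
# Assumed DMZ services, one "address:tcp-port" per entry (documentation range).
DMZ_SERVICES="192.0.2.2:80 192.0.2.3:25"

forward_rules() {
    # Keep the default from the quoted rules: unmatched packets are not forwarded.
    echo "ipchains -P forward DENY"
    # Masquerade only LAN-sourced packets leaving through the external interface.
    # In the ipchains forward chain, -i matches the outgoing interface.
    echo "ipchains -A forward -i $EXT_IF -s $LAN_NET -j MASQ"
    for svc in $DMZ_SERVICES; do
        host=${svc%%:*}
        port=${svc##*:}
        # Reject entries whose port part is missing or not purely numeric.
        case "$port" in
            ''|*[!0-9]*) echo "skipping bad entry: $svc" >&2; continue ;;
        esac
        # Inbound: only the published TCP port on that DMZ host.
        echo "ipchains -A forward -i $DMZ_IF -p tcp -d $host $port -j ACCEPT"
        # Outbound: only replies from that port ("! -y" excludes opening SYNs).
        echo "ipchains -A forward -i $EXT_IF -p tcp -s $host $port ! -y -j ACCEPT"
    done
    # Log whatever falls through before it is denied.
    echo "ipchains -A forward -l -j DENY"
}

forward_rules
```

Compared with the two `-b` rules in the quoted reply, each rule here names an interface and, for the DMZ, a protocol and port, so a new service has to be listed explicitly before traffic to it is forwarded.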