![](https://seccdn.libravatar.org/avatar/c60cb91a2e1c79188caabdf6f8b35a79.jpg?s=120&d=mm&r=g)
Webserver Box: SuSE 9.0 with Shorewall 1.4.8 Webserver working like a charm... I am DNATing from firewall to real IP address of this webserver in my DMZ Question - without opening myself to vulerability, How do I route to get YaST updates through a 2nd NIC, eth1 ? (eth0 is default as it should be) YaST appears to be trying to make a tcp port 80 connection, but all my "80" connections are DNAT from the 192.168.10 subnet... I also probably do not wish to open an outgoing port 80. What I am looking for is server administration through eth1 and to leave eth0 alone for DNATing from the internet. Suggestions ? Thoughts ? eth0 192.168.10.x eth1 192.168.25.x /etc/sysconfig/network/routes 192.168.10.fw 192.168.10.x 255.255.255.255 eth0 192.168.25.gw 192.168.25.x 255.255.255.255 eth1 default 192.168.10.fw - - "fw" denotes primary firewall IP to DMZ "gw" denotes primary gateway IP to the rest of my LAN
participants (1)
-
Bill.Light@kp.org