That would be more secure. That is the DMZ examples which are listed in the samples and documentation. It should be just as easy. Marc has done a very good job with SuSE
firewall2.
Jim
11/11/01 04:06:30 PM, Scheme Loh
--- James Bliss
wrote: Look at Scenarios 5 and 6 in the EXAMPLES file (in a normal install this is /usr/share/doc/packages/SuSEfirewall2).
Good luck, you should be able to do this fairly easily.
Jim
Was very easy. Too easy perhaps?
Here's my setup:
SuSE 7.2 minimal install with: SuSEfirewall2 iptables
eth0 to the world eth1 to internal
I have about a dozen computers on my internal network. 192.168.1.x
I put the webserver (w2k running IIS/CF/Generator2) at 192.168.1.90
I edited FW_FORWARD_MASQ to include:
0/0.192.168.1.90,tcp,80
Poof, the webserver can be seen from the internet at large.
I'm a graphics/video guy, but my heart of hearts tells me that this is not the optimal set-up- to have my web server on the same network as my internal computers.
My idea is to add a third ethernet card (eth2) and have it on another network 10.0.0.x. Then change FW_FORWARD_MASQ to go to 10.0.0.x and leave my 192.168.1.x network the way it is now.
In a nutshell, what is a DMZ?
Thanks everyone!
===== Daniel Woodard
__________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com