* Andreas Bittner;
subject: how can i have public IPs in the DMZ with SuSEfirewall2
deutscher text weiter unten / german text follows below ----------------
Hello all,
i have been searching around quite a while and couldnt find a solution.
i have 8 public ip addresses from our internet service provider (netmask is 255.255.255.248)
i have a suse 8 linux box with 3 ethernet network cards. eth0 is external connected directly with crossover to the router of the ISP. eth1 is the dmz ethernet card. eth2 is the internal network. should be 192.168.200.x with netmask 255.255.255.0 ... something like that..
now i have read in the SuSEfirewall2 config file in secion 13, that the SuSEfirewall2 supports public IP in the DMZ zone.. even the EXAMPLE file is talking about a scenario with a webserver with ports 80 and 443 running with public ip 200.200.200.200 in the DMZ... in my case i want to run a mailserver in the DMZ with public ip, and it only needs port25 to the internet, and its getting mails only from secific hosts on the internet. so its not included in an mx record anywhere but gets mails from a virus detection/mailscanning companies mailservers there...
from the SuSEfirewall2 FAQ it should give you start Q: I have set a web server in my DMZ. How do I configure SuSEfirewall2 to let people on the internet access my pages? A: Same principle as above. Lets say your web server has got an official IP address of 1.1.1.1 which you received from your ISP. You would just configure FW_FORWARD_TCP like this: FW_FORWARD="0/0,1.1.1.1,tcp,80" HTH -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx