How to set up a DMZ
I have the following setup:

Red Hat 9.0 Linux proxy server
eth0 192.168.1.2 internal
eth1 59.144.124.58 external

I want to configure a DMZ on eth2, so how do I do this? My ISP is giving me only one static IP. We want to access our application server (192.168.1.249:8500) from the internet. I heard that a DMZ does all that stuff, so please give me full details on DMZ, as I am a newbie to Linux.
What's the DMZ
Actually DMZ is not any service, it just means an area which is like the lobby of a hotel.
It is the area where you should place the servers which you want to access from the internet, like SMTP / web or application servers, as you want. It looks like this:

                             DMZ
Internet <---> Router <----> Server 1 / Server2 <----> Router <----> Intranet

You will find some more info using Google (which you know yourself, I think). So DMZ just means a potentially insecure area which is connected to the internet but not directly to your ethernet.

What you can do to access your application server from the internet is to use iptables to set up port forwarding from your router or proxy (which is connected to the internet) to your application server.
I had searched on Google but did not find any article on how to start with DMZ. Please send me the link. Also give me the iptables commands for port forwarding, because I am new to iptables.
1) Unfortunately in German: http://www.chkorn.de/tutorials-und-co/firewall-theorie/
2) http://www.tldp.org/HOWTO/IPCHAINS-HOWTO-7.html
3) http://publib.boulder.ibm.com/infoce.../07010307.html
4) http://www.mikrotik.com/docs/ros/2.8/appex/dmz

Checking for iptables command........please wait

Concerning iptables:

prerouting <---> Forward <--> Postrouting
             |              |
             |              |
             I              O
             N              U
             P              T
             U              P
             T              U
                            T

For port forwarding you need to make a DNAT (Destination Network Address Translation) before the routing decision is made. So the exact command would be like:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -i ppp0 -j DNAT --to XXX.XX.XX.XX:80

This means that you forward anything that is coming in on port 80 to the server with the IP xxx.xx.xx.xx. So you just need to find out which service you want to forward, and there you go!
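
The port forward described in the replies, worked through for the setup in the question, as an added example that is not part of the original thread. It prints the commands for review instead of applying them. Assumptions: the variable and function names are made up for this sketch, `SRV_IF` defaults to eth0 because the server currently sits on the internal network, and the application server uses this box (192.168.1.2) as its default gateway so replies return through it.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands that forward one
# TCP port to one server. Defaults are the values given in the question.
EXT_IF=${EXT_IF:-eth1}            # external interface (59.144.124.58)
SRV_IF=${SRV_IF:-eth0}            # interface facing the server; eth2 once a DMZ exists
SRV_IP=${SRV_IP:-192.168.1.249}   # application server
PORT=${PORT:-8500}                # application port

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ip() {
    case $1 in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Return 0 only for a TCP port number in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule set. Arguments: ext_if srv_if srv_ip port
# Line 1 enables routing, line 2 is the DNAT from the reply, lines 3-4 let
# only that connection through FORWARD in both directions, and line 5 is
# appended last so nothing else arriving on the external side is forwarded.
gen_rules() {
    valid_ip "$3" || { echo "bad server address: $3" >&2; return 1; }
    valid_port "$4" || { echo "bad port: $4" >&2; return 1; }
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i $1 -p tcp --dport $4 -j DNAT --to-destination $3:$4
iptables -A FORWARD -i $1 -o $2 -p tcp -d $3 --dport $4 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -p tcp -s $3 --sport $4 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $1 -j DROP
EOF
}

gen_rules "$EXT_IF" "$SRV_IF" "$SRV_IP" "$PORT"
```

Review the printed commands against any FORWARD rules already loaded (`iptables -L FORWARD -n -v`) before running them as root, since the final DROP affects all other traffic routed in from the external interface.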