LinuxQuestions.org


satish 06-28-2006 08:43 AM

How to setup dmz
 
I have the following setup:
Redhat 9.0 linux proxy server

eth0 192.168.1.2 internal
eth1 59.144.124.58 external

I want to configure a DMZ on eth2, so how do I do this? My ISP is giving me only one static IP. We want to access our application server (192.168.1.249:8500) from the internet. I heard that a DMZ does all that stuff. So please give me full details on DMZ, as I am a newbie to Linux.

saavik 06-28-2006 09:02 AM

What's the DMZ
 
Actually DMZ is not any service, it just means an area which is like the lobby of a hotel.

It is the area where you should place the servers which you want to access from the internet like SMTP / Web or Application Servers like you want it.

It looks like this:

DMZ
Internet <---> Router <----> Server 1 / Server2 <----> Router <----> Intranet

You will find some more info using Google (which you know yourself, I think).

So DMZ just means a potentially insecure area which is connected to the internet but not directly to your ethernet.

What you can do to access your application server from the Internet is to use iptables to set up port forwarding from your router or proxy (which is connected to the Internet) to your application server.

satish 06-29-2006 09:20 AM

I had searched in Google but did not find any article on how to start with DMZ. Please send me the link. Also give me iptables commands for port forwarding, because I am new to iptables.

saavik 06-30-2006 01:08 AM

1) Unfortunately in German: http://www.chkorn.de/tutorials-und-co/firewall-theorie/
2) http://www.tldp.org/HOWTO/IPCHAINS-HOWTO-7.html
3) http://publib.boulder.ibm.com/infoce.../07010307.html
4) http://www.mikrotik.com/docs/ros/2.8/appex/dmz

Checking for iptables command........please wait

Concerning iptables

prerouting <---> Forward <--> Postrouting
........................|..............|
........................|..............|
........................I..............O
........................N..............U
........................P..............T
........................U..............P
........................T..............U
.......................................T

For port forwarding you need to make a DNAT (Destination Network Address Translation) before
the routing decision is made.

So the exact command would be like:

iptables -t nat -A PREROUTING -p tcp --dport 80 -i ppp0 -j DNAT --to XXX.XX.XX.XX:80

This means that you forward anything that is coming in on port 80 to the server with the IP xxx.xx.xx.xx. So you just need to find out which service you want to forward and there you go!
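
Added example, not part of any post in this thread: a DNAT rule only rewrites the destination, so the FORWARD chain must also admit the connection, and with the DMZ on eth2 the firewall should refuse new connections from the DMZ into the LAN. The script below prints such a rule set for review rather than applying it; the DMZ server address 192.168.2.249 and the function names are assumptions (in the thread the server still sits on the LAN at 192.168.1.249).

```shell
#!/bin/sh
# Prints (does not apply) iptables rules for a three-legged firewall with a DMZ.
# Interface names are from the thread; the DMZ server address used in the
# sample call at the bottom is an assumed value.
EXT_IF=eth1   # external, 59.144.124.58
LAN_IF=eth0   # internal, 192.168.1.2
DMZ_IF=eth2   # DMZ leg

valid_port() {
    # Digits only, range 1..65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Dotted quad with every octet in 0..255; rejects anything else,
    # so no shell metacharacters can reach the generated commands.
    echo "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# usage: dmz_rules <public-port> <dmz-server-ip> <server-port>
dmz_rules() {
    valid_port "$1" && valid_ipv4 "$2" && valid_port "$3" ||
        { echo "dmz_rules: bad argument" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $1 -j DNAT --to-destination $2:$3
iptables -A FORWARD -i $EXT_IF -o $DMZ_IF -p tcp -d $2 --dport $3 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
EOF
}

# Sample call: publish the application port 8500 on the assumed DMZ host.
dmz_rules 8500 192.168.2.249 8500
```

Review the printed commands, then pipe them to `sh` as root to apply them. The final DROP is already implied by the FORWARD policy and is kept explicit so the DMZ-to-LAN boundary is visible in the rule listing.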

