iptables - three legged topology
Hi everyone, I've fought with this for hours; it seems that I don't really understand iptables or something.

Situation: I'm trying to build a network with the famous three-legged layout. Here is my desired topology:

          LAN
           |
           | (eth1)
           |
        ROUTER ---(vnet0)--- DMZ (httpd, pbx)
           |
           | (eth0)
           |
        Internet

On the router I installed OpenVZ with two containers for the httpd and pbx servers (10.1.1.x). The LAN range is 10.0.0.x. The router works as DNS, DHCPD and NAT provider (sorry if I am too obvious with the details).

This is my iptables file: http://pastebin.com/G4KQTQTj

My desire is to have this DMZ with some ports open (like 80) to the WAN, but with no communication with the LAN. I also want computers on the LAN to be able to connect to the DMZ. I tried a DROP policy for the INPUT and FORWARD chains but something doesn't work.

Sorry for my English and thanks in advance!
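A rule set that implements the policy described in the post (TCP/80 published from the WAN into the DMZ, LAN allowed to open connections into the DMZ, DMZ never allowed to open connections into the LAN, DROP policies on INPUT and FORWARD), written here as an added example and not the rules in the linked pastes. Interface names and address ranges are the ones from the post; the httpd container address 10.1.1.10 and the IPT variable are assumptions.

```shell
#!/bin/sh
# Three-legged firewall for the topology in the post (added example, not the
# poster's rules). Interface names and ranges come from the post; the httpd
# container address 10.1.1.10 is an assumption, adjust it for your DMZ.
set -eu

WAN=eth0            # towards the Internet
LAN=eth1            # 10.0.0.0/24
DMZ=vnet0           # 10.1.1.0/24, the OpenVZ containers
LAN_NET=10.0.0.0/24
DMZ_NET=10.1.1.0/24
DMZ_WEB=10.1.1.10   # assumed address of the httpd container
IPT=${IPT:-iptables}   # IPT=echo prints the rules instead of loading them

apply_rules() {
    # Flush, then deny everything that is not explicitly allowed below.
    $IPT -F; $IPT -t nat -F; $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Replies for flows the router itself or a permitted rule below opened.
    $IPT -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT

    # Router services for LAN hosts only: DNS and DHCP.
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -p udp --sport 68 --dport 67 -j ACCEPT

    # LAN may open connections to the Internet and to the DMZ.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$DMZ" -s "$LAN_NET" -d "$DMZ_NET" -j ACCEPT

    # DMZ may reach the Internet but never opens a connection into the LAN;
    # the DROP comes first so a later ACCEPT cannot shadow it.
    $IPT -A FORWARD -i "$DMZ" -o "$LAN" -j DROP
    $IPT -A FORWARD -i "$DMZ" -o "$WAN" -s "$DMZ_NET" -j ACCEPT

    # Published service: TCP/80 from the WAN is forwarded to the httpd container only.
    $IPT -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 -j DNAT --to-destination "$DMZ_WEB:80"
    $IPT -A FORWARD -i "$WAN" -o "$DMZ" -p tcp -d "$DMZ_WEB" --dport 80 -m conntrack --ctstate NEW -j ACCEPT

    # LAN and DMZ leave through the router's public address.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Run as root: sh fw.sh --apply   (IPT=echo sh fw.sh --apply to review first)
if [ "${1:-}" = "--apply" ]; then apply_rules; fi
```

Because FORWARD has a DROP policy and only ESTABLISHED,RELATED replies are accepted generically, a DMZ host that is compromised cannot start a flow towards 10.0.0.x even though LAN hosts can reach it.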
Solved with these rules: http://paste.debian.net/173440/