LinuxQuestions.org


duckmanito 06-07-2012 06:26 PM

iptables - three legged topology
 
Hi everyone, I have been fighting with this for hours. It seems that I don't really understand iptables or something.

Situation:

I'm trying to build a network with the famous three-legged layout; here is my desired topology:

LAN
|
| (eth1)
|
ROUTER ---(vnet0)--- DMZ (httpd, pbx)
|
| (eth0)
|
Internet

On the router I installed OpenVZ with two containers, for the httpd and pbx servers (10.1.1.x).

The LAN range is 10.0.0.x.

The router works as the DNS, DHCP and NAT provider (sorry if I am being too obvious with the details).

This is my iptables file: http://pastebin.com/G4KQTQTj

----

My desire is to have this DMZ with some ports open (like 80) to the WAN, but with no communication with the LAN. I also want computers on the LAN to be able to connect to the DMZ. I tried a DROP policy for the INPUT and FORWARD chains, but something doesn't work.

Sorry for my English, and thanks in advance!
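The rule set below is an added example, not the original poster's pastebin and not anything from the thread's replies. It implements the topology as described: eth0 toward the Internet, eth1 toward the LAN (10.0.0.0/24), vnet0 toward the OpenVZ DMZ (10.1.1.0/24), default-deny INPUT and FORWARD policies, port 80 forwarded from the WAN to the httpd container, LAN allowed to initiate into the DMZ, and the DMZ never allowed to initiate into the LAN. The httpd container address 10.1.1.10, the SSH port on the router, and the decision to let DMZ hosts reach the Internet (for updates) are assumptions; change them to fit. The script prints the rules in iptables-restore format and runs a sanity check on them, so the set can be reviewed before it is loaded on a live router.

```shell
#!/bin/sh
# Three-legged firewall generator (added example; not code from the thread).
# Interface names and subnets follow the poster's diagram; HTTPD_IP is constructed.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
DMZ_IF=${DMZ_IF:-vnet0}
LAN_NET=${LAN_NET:-10.0.0.0/24}
DMZ_NET=${DMZ_NET:-10.1.1.0/24}
HTTPD_IP=${HTTPD_IP:-10.1.1.10}    # assumed address of the httpd container

# Emit the complete rule set. With DROP policies, the conntrack rules are what
# let replies flow back; leaving them out is the classic reason "nothing works".
fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback, replies to its own connections, drop junk
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# LAN clients may use the router's DNS, DHCP and SSH (port 22 is an assumption)
-A INPUT -i $LAN_IF -p udp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
# Forwarded traffic: replies first, then one explicit rule per allowed direction
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $DMZ_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $HTTPD_IP --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# DMZ hosts may reach the Internet (assumed, e.g. for updates); tighten if unwanted
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -j ACCEPT
# DMZ -> LAN is never accepted: log attempts, then the DROP policy applies
-A FORWARD -i $DMZ_IF -o $LAN_IF -m limit --limit 5/min -j LOG --log-prefix "DMZ->LAN blocked: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Publish the httpd container on port 80; masquerade everything leaving via WAN
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $HTTPD_IP:80
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Invariants to confirm before loading: default-deny forwarding, no ACCEPT
# from DMZ into LAN, and no rule at all from WAN into LAN. Returns 0 when OK.
fw_check() {
    rules=$(fw_rules)
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    printf '%s\n' "$rules" | grep -- "-i $DMZ_IF -o $LAN_IF" | grep -q -- '-j ACCEPT' && return 1
    printf '%s\n' "$rules" | grep -q -- "-i $WAN_IF -o $LAN_IF" && return 1
    return 0
}

case "${1:-print}" in
    apply)  # needs root and net.ipv4.ip_forward=1
        fw_check || { echo "refusing to apply: checks failed" >&2; exit 1; }
        fw_rules | iptables-restore ;;
    check)
        fw_check && echo "ruleset passes checks" ;;
    *)
        fw_rules ;;
esac
```

Run it with no arguments to review the rules, `check` to run the invariants, and `apply` (as root, with IP forwarding enabled in sysctl) to load them atomically with iptables-restore. Rule order matters: the conntrack ACCEPT sits first in FORWARD so that replies to LAN-initiated connections into the DMZ are allowed even though no rule accepts DMZ-to-LAN traffic, and the LOG rule gives a kernel log line each time a DMZ container tries to reach the LAN, which is worth alerting on.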

KinnowGrower 06-07-2012 09:18 PM

Quote:

Originally Posted by duckmanito (Post 4698260)
My desire is to have this DMZ with some ports open (like 80) to the WAN, but with no communication with the LAN. I also want computers on the LAN to be able to connect to the DMZ. I tried a DROP policy for the INPUT and FORWARD chains, but something doesn't work.

Can you please list/show your iptables rules? It would be good if you could "show" what you tried and what did not work.

duckmanito 06-07-2012 09:20 PM

I posted it:

This is my iptables file: http://pastebin.com/G4KQTQTj

duckmanito 06-07-2012 10:55 PM

Solved with these rules: http://paste.debian.net/173440/

