Hi everyone, I have been fighting with this for hours; it seems that I don't really understand iptables or something.
Situation:
I'm trying to build a network with the famous three-legged layout; here is my desired topology:
LAN
|
| (eth1)
|
ROUTER ---(vnet0)--- DMZ (httpd, pbx)
|
| (eth0)
|
Internet
In the router I installed OpenVZ with two containers for the httpd and pbx servers (10.1.1.x).
The LAN net range is 10.0.0.x.
The router works as the DNS, DHCP and NAT provider (sorry if I am too obvious with the details).
This is my iptables file:
http://pastebin.com/G4KQTQTj
----
My desire is to have this DMZ with some ports open (like 80) to the WAN, but with no communication with the LAN. I also want computers on the LAN to be able to connect to the DMZ. I tried a DROP policy for the INPUT and FORWARD chains, but something doesn't work.
Sorry for my English, and thanks in advance!
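An added example (not from the original post, nor the pastebin it links) of a rule set for the topology described: eth0 = Internet, eth1 = LAN, vnet0 = DMZ. The interface names are the post's; the /24 masks, the web server address 10.1.1.10 and the use of the conntrack match are assumptions.

```shell
# Added example, not from the original post: three-legged DMZ policy for
# the topology above. Interface names come from the post; the /24 masks,
# the web server address and the use of conntrack are assumptions.
WAN=eth0          # Internet
LAN=eth1          # 10.0.0.x
DMZ=vnet0         # OpenVZ containers, 10.1.1.x
LAN_NET=10.0.0.0/24
DMZ_NET=10.1.1.0/24
HTTPD=10.1.1.10   # assumed address of the httpd container
IPT="${IPT:-iptables}"   # set IPT=echo to preview the rules without applying them

apply_dmz_policy() {
    # Default deny for traffic to the router and through it.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -t nat -F

    # Replies to connections that were allowed are always fine.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # LAN hosts may use the router's DNS and DHCP services.
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -p udp --dport 67 -j ACCEPT

    # LAN may open connections to the Internet and to the DMZ.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$DMZ" -s "$LAN_NET" -d "$DMZ_NET" -j ACCEPT

    # DMZ may reach the Internet but must never initiate traffic to the LAN;
    # log such attempts so a misbehaving container is noticed.
    $IPT -A FORWARD -i "$DMZ" -o "$WAN" -s "$DMZ_NET" -j ACCEPT
    $IPT -A FORWARD -i "$DMZ" -o "$LAN" -j LOG --log-prefix "DMZ-to-LAN blocked: "
    $IPT -A FORWARD -i "$DMZ" -o "$LAN" -j DROP

    # Publish only port 80 of the web server to the WAN.
    $IPT -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 -j DNAT --to-destination "$HTTPD"
    $IPT -A FORWARD -i "$WAN" -o "$DMZ" -d "$HTTPD" -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

    # Hide LAN and DMZ addresses behind the router's WAN address.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}
```

Source the file and run `IPT=echo apply_dmz_policy` to preview the rule lines, then call it as root to apply them; the rules are lost on reboot unless saved with iptables-save.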