Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Can someone help me? I would like to set up a DMZ in my iptables script. Is there a howto out there? I've been searching the forum and have found no good examples or howtos.
I basically want to let all traffic through to my 192.168.0.252 DHCP client.
Originally posted by hakcenter:
I don't see the purpose as well...
As I was aware, DMZ just routes all new traffic to the DMZ, then to virtuals, then dropped if nothing.
Basically, I can't get my PS2 to work through my current firewall. It gets online but can't get past that. I am assuming that it is getting firewalled because when I hook it up to the modem (without firewall intervention), it works fine.
I basically want everything in and out of 192.168.0.252 to be untouched but I can't seem to find the way. If you all have a better suggestion, I'm all ears, but the best advice I heard was a DMZ.
Basically my net setup is...
eth0 is internet
eth1 is LAN
I have about 4 computers on the net 192.168.0.254..192.168.0.251..
My PS2 is 192.168.0.252. I would like all info to be passed without any kind of firewall intervention in and out of that IP. Right now, the PS2 can get online but some of the ports are closed (it's different for each game), so I want to open all ports to the PS2, incoming and outgoing.
Um this post is useless... I have to read a little more carefully next time
Sorry guys...
It sounds like you're trying to set up a DMZ with 2 boxen. From my experience you need at least 3, one for routing (3 NICs), one for "the trenches", and one for DMZ. The idea is that your servers are on a different subnet than your workstation(s), and even this isn't exactly killer security. Any DMZ I set up would be a gateway firewall on the front lines, then my servers, alongside an "invisible slut" bridge* (no IPs, promiscuous mode) which leads to my workstations, and silently drops virtually all inbound traffic without a record in the state table. This setup makes it extremely difficult to attack the DMZ workstations, as you have to get past the initial routing firewall, then the slut bridge, which has no IP address to attack. It may be a good idea to put 3 NICs in the DMZ bridge, so that you can retrieve log files etc. and administrate remotely, just make sure the one with an IP is on the workstation side so it utilizes the security of the other two.
Originally posted by german:
Um this post is useless... I have to read a little more carefully next time
Sorry guys...
It sounds like you're trying to set up a DMZ with 2 boxen. From my experience you need at least 3, one for routing (3 NICs), one for "the trenches", and one for DMZ. The idea is that your servers are on a different subnet than your workstation(s), and even this isn't exactly killer security. Any DMZ I set up would be a gateway firewall on the front lines, then my servers, alongside an "invisible slut" bridge* (no IPs, promiscuous mode) which leads to my workstations, and silently drops virtually all inbound traffic without a record in the state table. This setup makes it extremely difficult to attack the DMZ workstations, as you have to get past the initial routing firewall, then the slut bridge, which has no IP address to attack. It may be a good idea to put 3 NICs in the DMZ bridge, so that you can retrieve log files etc. and administrate remotely, just make sure the one with an IP is on the workstation side so it utilizes the security of the other two.
HTH
B.
The only thing I have in my DMZ would be the PS2, and from my limited knowledge, you can't do jack squat to a PS2 box that's firewall-less.
I can get through my Windows firewall with the PS2, so there HAS to be a way for it to work with Linux. I just have no freakin idea what is holding it up. It can get online but can't connect to any game servers.
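Added example, not part of any post in this thread: a generator for the "DMZ host" rules the question asks about, using the setup described above (eth0 = internet, eth1 = LAN, PS2 at 192.168.0.252). The function names are hypothetical, and it assumes the existing firewall script already masquerades LAN traffic out of eth0 and that the PS2 keeps a fixed address.

```shell
#!/bin/sh
# Added example. Assumed from the thread: eth0 = internet, eth1 = LAN,
# 192.168.0.252 = the PS2. Function names are hypothetical.
# Nothing is applied here: the commands are only printed for review.

is_ipv4() {   # strict dotted quad, each octet 0-255, no leading zeros
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

is_ifname() { # kernel interface names: at most 15 chars, no shell metacharacters
    case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

dmz_host_rules() {   # usage: dmz_host_rules WAN_IF LAN_IF HOST_IP
    wan=$1; lan=$2; host=$3
    is_ifname "$wan" && is_ifname "$lan" && is_ipv4 "$host" || return 2
    cat <<EOF
# Appended (-A) so existing, more specific port forwards still match first.
# Every other NEW connection arriving on $wan is sent to $host, including
# connections aimed at the gateway's own services on that interface.
iptables -t nat -A PREROUTING -i $wan -j DNAT --to-destination $host
# Inserted at the top (-I ... 1) so later DROP/REJECT rules never see this host.
iptables -I FORWARD 1 -i $wan -o $lan -d $host -j ACCEPT
iptables -I FORWARD 1 -i $lan -o $wan -s $host -j ACCEPT
EOF
}
```

Review the output of `dmz_host_rules eth0 eth1 192.168.0.252` before piping it to `sh` as root on the gateway. Because 192.168.0.252 sits on the same subnet as the other LAN machines, this exposes one host rather than isolating it the way the separate-subnet DMZ described in the thread does.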