[Sussex] ipchains help please
Neil Ford
neil at smudgypixels.net
Fri Feb 28 14:40:01 UTC 2003
On Fri, 28 Feb 2003 04:12:14 -0500, Steve Dobson wrote:
> 1). Your ISP has assigned to you a single [dynamic] IP address
> for your network. (The configuration for a home user).
> If so you cannot have a DMZ; as only one machine on your network
> is given an address that the rest of the internet can talk to.
> The connection machine must masquerade for all your other
> machines. From other parts of your posting this is what
> I will assume.
Not strictly true.
IPCop manages quite well to have a DMZ on only one assigned static IP.
Incoming requests come into the IPCop box and it forwards them onto the
appropriate machine. Works quite well to. By not allowing machines in
your DMZ to initiate connections to your private network you keep
things nice and neat.
Of course to some, this isn't necessarily what would be classified as a
DMZ.
In answer to the original question, dump SuSE and install IPCop, it
will make life so much easier.
Neil.
--
Neil Ford
neil at smudgypixels.net
http://www.smudgypixels.net
http://www.binky.ourshack.org/weblog
More information about the Sussex
mailing list