[Sussex] ipchains help please

[Steve Dobson]

Neil

On Fri, Feb 28, 2003 at 04:33:45PM +0000, Neil Ford wrote:
> IPCop does indeed support VPNs, but you don't need that to do it.
> 
> The DMZ stuff does work, I have clients using it in exactly the 
> situation we are discussing here, having a mail server sitting on the 
> end of an ADSL link but not inside their private network.
> 
> One of their future plans is to include support for having multiple IPs 
> on the external interface which will allow for forwarding to multiple 
> servers on the DMZ. For now, if you want to run different servers on 
> the same protocol, you have to have different ports forwarded, eg: 80 
> and 8080.

Having slept on it I now see your point.  The packets may have been 
re-directed but they still originated from out side the network so must
be handled with care.  In the words of a Guru: "A private DMZ this is."

> My suggestion was based on the fact that I know it can do what is being 
> asked and comes with an superb user interface (IMO) which makes setting 
> up this kind of arrangement really easy. Yes, you can roll your own 
> (and as Jon said, if your going to do that, use OpenBSD :-)) or you can 
> use a solution that has already done most of the hard work.
> 
> Horses for courses really.

Agreed - As a IT consultant time is money and there are many, many ways
to solve each problem; time is money - and as a consultant putting in 
a solution you know is often the best move.

But this list is for a LUG; this make non-Linux solutions of topic.
Okay I know this list doesn't have the best track record of staying
on Linux related stuff all the time.  But the original posting clearly
stated that he was using SuSE,  therefore I believe that Linux solutions
should be explored first.  Of course this is just my PoV.

Steve