Re: About Firewall configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



aragonx@xxxxxxxxxx wrote:
Dear All,

I want to know MUST the Server machine BEHIND the linux firewall /
router machine, then it can be assign ( use ) PRIVATE IP to instead of
PUBLIC IP ?
Dear All,

I want to know MUST the Server machine BEHIND the linux firewall /
router machine, then it can be assign ( use ) PRIVATE IP to instead of
PUBLIC IP ?
    

I am not sure I understand the question.

If you are asking:

If a machine has to be behind a NATed firewall before you can assign a
private IP address.  The answer is yes and no.  If you want to have
several machines to have access to the Internet and only one IP, then you
would need to use Network Address Translation.  Then you could use one of
the private IP address ranges for all of the machines on your internal
network while only having a single box directly exposed to the Internet. 
This is not the same as a true firewall though because it really doesn't
HAVE to block any traffic.  So the box would really be just a router.

In cases like this, I have found it best to have two NICs in the box that
has Internet access.  That way, you can use one NIC for external and one
NIC for internal traffic.

Here is a simple script that I think would work.


IPTABLES=/sbin/iptables
EXTIF="eth0"
INTIF="eth1"
$IPTABLES --table nat --append POSTROUTING --out-interface $EXTIF -j
MASQUERADE
$IPTABLES --append FORWARD --in-interface $INTIF -j ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward
  
Hello,

If all of server are NOT DMZ, then they can be assigned ( used ) Private IP ?

Edward.

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux