Firewall Wizards mailing list archives

Re: ipchains and port forwarding


From: Mike LaPane <mlapane () comcast net>
Date: Tue, 04 Mar 2003 09:37:31 -0500

On Tuesday 04 March 2003 8:38 am, Robert E. Martin wrote:
> OK. That makes sense. I do have iproute2 working on the machine and I
> can make sense of the documentation, however, will this technique work
> across multiple segments? If I route through several subnets to get to
> the physical web server box, will this still work or does the machine
> need to be on the same physical subnet? I can go with iptables and it
> does seem much easier. I have considered this to be the thing to do and
> you know what they say, no guts, no glory!

As long as you have a route to that address space it will work fine.

iptables is really much easier. Just remember for your fw rules - NAT first,
access rules second.

Remember to add secondary IP addresses to your external interface (or proxy
arp) - probably just as easy to add a secondary.

Good luck,
-Mike
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
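
The ordering described in the reply above, written out as an added example (not part of the original message and not either poster's configuration). The interface name, the addresses, the /32 alias and the state-match rules are assumptions; the function only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Dry-run generator for one forwarded web server behind an iptables firewall.
# All values passed at the bottom are constructed samples.

valid_ipv4() {
    # Reject anything that is not four dot-separated octets in 0..255.
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

port_forward_rules() {
    ext_if=$1; public_ip=$2; server_ip=$3; port=$4
    # Validate every value: the output is meant to be fed to a root shell.
    case "$ext_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$public_ip" && valid_ipv4 "$server_ip" || { echo "bad address" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }

    # Secondary address on the external interface, so the firewall answers
    # ARP for the public address (the alternative mentioned is proxy ARP).
    echo "ip addr add $public_ip/32 dev $ext_if"

    # NAT first: PREROUTING rewrites the destination before routing, so the
    # server only has to be reachable by a route, not on the same subnet.
    echo "iptables -t nat -A PREROUTING -i $ext_if -d $public_ip -p tcp --dport $port -j DNAT --to-destination $server_ip:$port"

    # Access rules second: FORWARD sees the packet after DNAT, so the rule
    # matches the server's real address, not the public one.
    echo "iptables -A FORWARD -i $ext_if -d $server_ip -p tcp --dport $port -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample: public alias 203.0.113.10 forwarded to 10.1.2.80:80.
port_forward_rules eth0 203.0.113.10 10.1.2.80 80
```

A FORWARD rule written against the public address would never match, because the destination has already been translated by the time the filter table is consulted.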

