| 1 |
> I've been trying to build a simple firewall with a DMZ for a |
| 2 |
> web server. |
| 3 |
|
| 4 |
Dude, trying to use iptables directly was your first mistake. |
| 5 |
|
| 6 |
Take a spin out and look at shorewall (I'm sure others have different |
| 7 |
recommendations). |
| 8 |
|
| 9 |
Shorewall will get you up and running in no time and will easily handle the |
| 10 |
configuration stuff from your original post. |
| 11 |
|
| 12 |
Trying to manage such a complex config using iptables directly is doomed to |
| 13 |
failure; any mistake in ordering of rules, etc., will break your |
| 14 |
connectivity. Sticking with a tool like shorewall will simplify rules |
| 15 |
maintenance and pose less of a problem when performing updates later on. |
| 16 |
|
| 17 |
Dave |
| 18 |
|
| 19 |
|
| 20 |
-- |
| 21 |
gentoo-user@g.o mailing list |
Archives