[ale] Firewall design
Christopher Fowler
cfowler at outpostsentinel.com
Wed Jun 1 09:25:20 EDT 2005
On Wed, 2005-06-01 at 09:07, James P. Kinney III wrote:
> So you have one real IP on the firewall box and virtual IPs that are
> directly routed to the real box's private IP.
>
> "iptables -t nat -I PREROUTING -d <public IP> -j DNAT --to-destination
> <private IP>"
>
> There will be no filtering at all on this.
>
> Then add a back route:
> "iptables -t nat -I POSTROUTING -s <private IP> -j SNAT --to-source
> <public IP>"
>
> It would be good to modify those rules by making a series of tables that
> filters out the crap before just routing all the bandwidth to the work
> machines.
That is an interesting idea. Does this have any limitations?
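
The filtering suggested in the quoted message, as an added example that is not part of the original thread: the script prints (does not apply) the two NAT rules plus a per-host chain hooked into FORWARD. The addresses, ports and the chain name TO_WORK1 are constructed sample values; the filter matches the private IP because DNAT in PREROUTING has already rewritten the destination by the time the packet reaches FORWARD.

```shell
#!/bin/sh
# Added example: emits iptables commands for one 1:1 NAT mapping and a
# per-host filter chain. Review the output, then pipe it to sh as root.

# nat_rules PUBLIC_IP PRIVATE_IP
nat_rules() {
    pub=$1; priv=$2
    echo "iptables -t nat -I PREROUTING -d $pub -j DNAT --to-destination $priv"
    echo "iptables -t nat -I POSTROUTING -s $priv -j SNAT --to-source $pub"
}

# filter_rules PRIVATE_IP CHAIN "PORT PORT ..."
# Inbound policy for the mapped host: replies to existing connections,
# new TCP connections to the listed ports, drop everything else.
filter_rules() {
    priv=$1; chain=$2; ports=$3
    echo "iptables -N $chain"
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "skipping invalid port: $p" >&2; continue ;;
        esac
        echo "iptables -A $chain -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "iptables -A $chain -j DROP"
    # Hook the chain in last, so it is complete before traffic reaches it.
    echo "iptables -I FORWARD -d $priv -j $chain"
}

# Constructed sample mapping (documentation address range).
nat_rules 203.0.113.10 192.168.1.10
filter_rules 192.168.1.10 TO_WORK1 "22 443"
```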