
I'm back to ask for advice...

I have a firewall with two external cards, one on PPPoE and one on DHCP, and two LAN cards.

Therefore:
Card 1 - PPPoE
Card 2 - external DHCP - with webserver
Card 3 - LAN 1 on the 192.168.112.0/24 network
Card 4 - LAN 2 on the 172.168.1.0/24 network - DMZ

I would like to tell the firewall that card 3 gets its internet from card 1.

On card 2 there is a small webserver that must communicate with a DB located inside the network of card 3, so I added a fourth card as a DMZ and created a pinhole with the port I need (the webserver therefore has two configured cards, card 2 and the DMZ card).
Currently everything works; the problem is that every so often I have to disable and re-enable the DMZ card because it no longer communicates through the pinhole, and above all the machines connected on the card 3 network occasionally take the public IP of card 2.

I have some confusion in my head :) especially about how to get the DB to communicate with the webserver.
In Gateway
Saturday, September 26 2020, 10:09 AM
Responses (2)
  • Accepted Answer

    Sunday, September 27 2020, 08:35 AM - #Permalink
    Note that the DMZ is not your normal DMZ. Have a look at the Networking documentation.

    To force traffic over particular interfaces, use the MultiWAN Source Based rules. In the source IP you can specify a whole subnet.
  • Accepted Answer

    Saturday, September 26 2020, 12:55 PM - #Permalink
    I thought, to solve the first point, of using these rules in the custom firewall:

    # NAT traffic behind the PPPoE address when it leaves on ppp0
    iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
    # let forwarded traffic that arrives on eth3 (card 3, the LAN) through
    iptables --append FORWARD --in-interface eth3 -j ACCEPT

    so I should bring the PPPoE connection to card 3 of the internal LAN network.

    For the other point:
    # drops forwarded traffic entering on eth2 and leaving on eth3 (this direction only)
    iptables -A FORWARD -i eth2 -o eth3 -j DROP

    to block data traffic between the two LAN networks, and

    # FORWARD, not INPUT: webserver-to-DB traffic passes through the firewall rather than terminating on it; -I puts the rule ahead of the DROP above
    iptables -I FORWARD -i eth2 -o eth3 -p tcp --dport 1521 -j ACCEPT

    to put the database in communication with the webserver (the DB is on eth3 and the webserver on eth2).
    But before I try, I need your opinion :)
    Obviously I would remove the DMZ.
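As an added example covering both points of the reply above (this is not code from the thread or from the ClearOS project), the script below prints the ip and iptables commands that send the 192.168.112.0/24 LAN out over the PPPoE link with a source-based routing rule and open a stateful pinhole from the webserver card to the DB while dropping everything else between those two cards. Two things differ from the rules posted above: MASQUERADE only rewrites addresses and does not pick the outgoing WAN, so an ip rule keyed on the LAN source subnet does the selection; and webserver-to-DB traffic crosses the FORWARD chain, not INPUT, which only sees packets addressed to the firewall itself. The interface names ppp0, eth2 and eth3 follow the reply; the DB address 192.168.112.10, the DB port, and the table and priority numbers are assumptions to be adjusted. The script prints the commands so they can be reviewed first; run it as root with --apply to execute them.

```shell
#!/bin/sh
# Added example, not code from the thread or from ClearOS.
# Prints (or with --apply, runs) the commands for:
#  1) source-based routing: LAN on card 3 uses the PPPoE link for the internet
#  2) a stateful pinhole from the webserver card to the DB on the LAN
# Interface names beyond eth2/eth3/ppp0, the DB address and the table/priority
# numbers are assumptions; override them in the environment.

LAN_IF="${LAN_IF:-eth3}"                 # card 3, internal LAN
LAN_NET="${LAN_NET:-192.168.112.0/24}"
WEB_IF="${WEB_IF:-eth2}"                 # card 2, webserver side
PPP_IF="${PPP_IF:-ppp0}"                 # card 1, PPPoE
DB_IP="${DB_IP:-192.168.112.10}"         # assumed DB host on the LAN
DB_PORT="${DB_PORT:-1521}"
TABLE="${TABLE:-100}"                    # assumed policy routing table id
PRIO="${PRIO:-100}"                      # assumed ip rule priority

gen_routing() {
    # A dedicated table that mirrors main but whose default route is the
    # PPPoE link. Copying the connected routes keeps LAN <-> DMZ/webserver
    # traffic local instead of pushing it out of ppp0.
    echo "ip route flush table $TABLE"
    echo "ip route show table main | grep -v '^default' | while read -r r; do ip route add table $TABLE \$r; done"
    echo "ip route add default dev $PPP_IF table $TABLE"
    # Anything sourced from the LAN consults that table before main.
    echo "ip rule del from $LAN_NET lookup $TABLE priority $PRIO 2>/dev/null"
    echo "ip rule add from $LAN_NET lookup $TABLE priority $PRIO"
    echo "ip route flush cache"
}

gen_firewall() {
    # NAT the LAN only on the PPPoE side, so the LAN can never leave the
    # firewall carrying the DHCP card's public address.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $PPP_IF -j MASQUERADE"
    # Replies for connections already accepted, in both directions.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # LAN to the internet, via the PPPoE link only.
    echo "iptables -A FORWARD -i $LAN_IF -o $PPP_IF -j ACCEPT"
    # Pinhole: webserver side -> DB, new connections to the DB port only.
    # This ACCEPT is emitted before the DROPs, and FORWARD is matched in order.
    echo "iptables -A FORWARD -i $WEB_IF -o $LAN_IF -d $DB_IP -p tcp --dport $DB_PORT -m conntrack --ctstate NEW -j ACCEPT"
    # Everything else between the two cards is dropped, in both directions.
    echo "iptables -A FORWARD -i $WEB_IF -o $LAN_IF -j DROP"
    echo "iptables -A FORWARD -i $LAN_IF -o $WEB_IF -j DROP"
}

gen_rules() {
    gen_routing
    gen_firewall
}

# Usage:  sh rules.sh          (review the commands)
#         sh rules.sh --apply  (execute them, as root)
case "${1:-}" in
    --apply) gen_rules | sh ;;
    *)       gen_rules ;;
esac
```

The ESTABLISHED,RELATED rule is what lets the DB's answers travel back from eth3 to eth2 even though new eth3-to-eth2 connections are dropped; without it the pinhole works in one direction only. Appending the rules each time the script runs will duplicate them, so on a firewall that rebuilds its chains on every restart, put the commands in the custom firewall hook that runs after the chains are flushed.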