Re: This is possible?

NetFilter

[Top] [All Lists]

<prev [Date] next>

<prev [Thread] next>

Re: This is possible?

from [Taylor, Grant]

[Permanent Link][Original]

To:	netfilter@lists.netfilter.org
Subject:	Re: This is possible?
From:	"Taylor, Grant" <gtaylor@riverviewtech.net>
Date:	Mon, 27 Nov 2006 09:35:00 -0600
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
In-reply-to:	<c576e5da0611270416v2baae792v786457639970f83@mail.gmail.com>
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References:	<c576e5da0611270416v2baae792v786457639970f83@mail.gmail.com>
Sender:	netfilter-bounces@lists.netfilter.org
User-agent:	Thunderbird 1.5.0.8 (X11/20061025)

Mike S. Matsumoto wrote:

<snip>

Guys, this is possible?


Yes.

I have two connections with Internet. And I need that DMZ use
Connection 1 and Internal NET use Connection 2 for access Internet.

So, i will have one default gw for connection 1 and another forconnection 2.


How this work? Any tutorial or link for help me?


If you have different subnets on your DMZ LAN from that of your internal LAN
this can easily be accomplished with IP Route 2 rules.  Namely set up one
(named / numbered) routing table for each connection and then set up some
"ip rule"s to decide which routing table to use based on source IP subnet.

If you do not have different subnets on your DMZ LAN from that of your
internal LAN, you can do something very similar based on firewall marking.
I'll presume that your DMZ LAN is on a different interface than your
internal LAN.  In this case, mark one of the LAN interfaces via IPTables and
then use an "ip rule" to match the fwmark to decide which routing table to use.



Grant. . . .

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
This is possible?, Mike S. Matsumoto Re: This is possible?, Taylor, Grant <=

Previous by Date:	Passive FTP sees remote's _internal_ IP!!??, gypsy
Next by Date:	Re: Passive FTP sees remote's _internal_ IP!!??, David Sims
Previous by Thread:	This is possible?, Mike S. Matsumoto
Next by Thread:	Iptables/Bridge/Passive FTP problem, Gary W. Smith
Indexes:	[Date] [Thread] [Top] [All Lists]