OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Re: [suse-security] same ip for two interfaces
From: emmeggler.ch
Date: Thu Nov 02 2000 - 10:58:22 CST

> > the INTERNAL interface has a private ip address (192.168.x.x).
> > i am talking about the EXTERNAL and the DMZ interface !!
> >
> > i want to do that, because they've got only 8 public ip-addresse (so 6
> > actually)
>
> So use 10.0.0.1 on the DMZ interface. as long as no-one on the INTERNET needs to
> talk directly to that interface it'll work fine. I.e. a traceroute would show
>
> 1.2.3.4 (your isp's router)
> 5.6.7.8 (external ip on your firewall)
> * * * (can't talk to him....)
> 5.6.7.9 (IP of your server on the DMZ).
>
> See?
>
> -Kurt
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribesuse.com
> For additional commands, e-mail: suse-security-helpsuse.com

If you do not have enough IP numbers consider port forwarding.
E. g., everything that comes in on your firewalls external ip
address on port 80 is forwarded to the http-server/proxy in the
dmz. In such a setup, the dmz host can have a private address
and reside in a private network.

With such a setup you can provide a complete internet service
(web, email, dns etc.) on just one IP number (if you do not
have several hosts for the same service - e. g. http/80 on
host1 and host2).

--emmerich

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com