Linux Router with Firewall

Nathaniel Hall nathaniel.d.hall at gmail.com
Sat Nov 5 14:25:53 UTC 2005


Craig White wrote:

>On Fri, 2005-11-04 at 08:35 -0600, Nathaniel Hall wrote:
>  
>
>>I know this sounds like a stupid question, but I'm gonna ask anyway.  I
>>would like to create a router using Fedora Core 3 (or 4) and netfilter,
>>but I don't want to masquerade.  Am I going to have to do SNAT and DNAT
>>or is there any way I can do it without any kind of NAT?
>>    
>>
>----
>it might be easier to make suggestions if it were clearer what you had
>in mind.
>
>A router doesn't need to do NAT if the clients know where they are
>going (i.e. static routes) or it very well may be that a proxy server like
>squid will do what you want.
>
>Craig
>  
>
I have a setup with multiple firewalls around my DMZ.  The DMZ is
addressed with legal IP addresses and the internal network is addressed
with private addresses. I perform many-to-one NAT on the external
firewall and simply route (and filter) at the internal firewall.  This
keeps me from having to figure out which internal IP address was NATed
to which external IP address when I am looking at access logs. The
internal firewall took very little setup, but it isn't netfilter.  Is
there any way to get FC4 to do the same?
-- 

Nathaniel Hall, GSEC GCIA
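
The route-and-filter setup asked about above, as an added example that is not part of the original messages: a netfilter ruleset for the internal firewall that forwards and statefully filters using only the filter table, so internal addresses reach the DMZ unchanged. The interface names, the 192.168.10.0/24 internal network and the SSH management rule are constructed assumptions.

```shell
#!/bin/sh
# Internal firewall: route and filter, no NAT. Constructed values (assumptions):
DMZ_IF=eth0                # side facing the DMZ
INT_IF=eth1                # side facing the internal network
INT_NET=192.168.10.0/24    # private internal range

# Emit iptables-restore input. Only the filter table is defined, so source
# addresses pass through unchanged and DMZ access logs show real internal IPs.
# The first FORWARD rule drops packets that arrive from the DMZ side claiming
# an internal source (spoofing); SSH from inside is an assumed management path.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -s $INT_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -s $INT_NET -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -o $DMZ_IF -s $INT_NET -m state --state NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Succeeds (returns 0) if the generated ruleset touches NAT in any way.
uses_nat() {
    gen_ruleset | grep -Eq '^\*nat|MASQUERADE|SNAT|DNAT'
}

# Enable forwarding and load the rules (root required).
# The external firewall and DMZ hosts need a static route for $INT_NET via
# this box, since nothing here rewrites addresses for them.
apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1 && gen_ruleset | iptables-restore
}

if [ "${1:-}" = "apply" ]; then
    apply_ruleset
else
    gen_ruleset            # default: print the ruleset for review
fi
```

Run without arguments to print the ruleset for review; run as root with `apply` to enable forwarding and load it.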



