Shorewall DMZ question

Post by deje1 » Mon, 10 Mar 2003 08:30:16

I am running the latest version of Shorewall (1.3xx) on an rh8 router/fw with
2 zones--dmz and local. I have it set up as specified by the howtos at, but it
says I would still have to use DNAT to get (otherwise dropped) packets moved to
a DMZ host. My question is: I was given to understand that a DMZ naturally
receives all packets (unfiltered) and that this is the purpose of the
demilitarized zone, but if I still need to do DNAT, then what is the purpose of
a DMZ running on a separate interface? I mean, I could create a zone 'joe' and
have DNAT route packets to hosts there, right? Am I missing the point (that the
DMZ should be user-maintained), or is there some other thing that a fw does
to packets headed for a DMZ?

Thanks, I know I'm dumb... =)

