Public Web Server in the DMZ, the Choke LAN and Remote Hosts as Clients

In this example, the site hosts a public web server in the DMZ.

The gateway is a bidirectional conduit: it allows public access to the local server and continues to allow local access to remote sites using the rules presented in the preceding section. These rules apply to the gateway and require a predefined constant, DMZ_WEB_SERVER:

# Remote clients to the DMZ web server (HTTP)
$IPT -A FORWARD -i $EXTERNAL_INTERFACE -o $DMZ_INTERFACE -p tcp \
    --sport $UNPRIVPORTS -d $DMZ_WEB_SERVER --dport 80 \
    -m state --state NEW -j ACCEPT

# Remote clients to the DMZ web server (HTTPS)
$IPT -A FORWARD -i $EXTERNAL_INTERFACE -o $DMZ_INTERFACE -p tcp \
    --sport $UNPRIVPORTS -d $DMZ_WEB_SERVER --dport 443 \
    -m state --state NEW -j ACCEPT

# LAN clients to remote web servers (HTTP)
$IPT -A FORWARD -i $DMZ_INTERFACE -o $EXTERNAL_INTERFACE -p tcp \
    -s $LAN_ADDRESSES --sport $UNPRIVPORTS --dport 80 \
    -m state --state NEW -j ACCEPT

# LAN clients to remote web servers (HTTPS)
$IPT -A FORWARD -i $DMZ_INTERFACE -o $EXTERNAL_INTERFACE -p tcp \
    -s $LAN_ADDRESSES --sport $UNPRIVPORTS --dport 443 \
    -m state --state NEW -j ACCEPT

# The choke itself as a client of remote web servers (HTTP)
$IPT -A FORWARD -i $DMZ_INTERFACE -o $EXTERNAL_INTERFACE -p tcp \
    -s $CHOKE_IPADDR --sport $UNPRIVPORTS --dport 80 \
    -m state --state NEW -j ACCEPT

# The choke itself as a client of remote web servers (HTTPS)
$IPT -A FORWARD -i $DMZ_INTERFACE -o $EXTERNAL_INTERFACE -p tcp \
    -s $CHOKE_IPADDR --sport $UNPRIVPORTS --dport 443 \
    -m state --state NEW -j ACCEPT

The choke's rules remain the same as they were in the preceding section.
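
One way to check a loaded ruleset against the gateway rules above, as an added example that is not from the original text: the script reads `iptables -S FORWARD` output and reports any external-to-DMZ ACCEPT rule that admits new connections to anything other than TCP port 80 or 443 on the web server. The interface names, the address and the sample rules are constructed, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed (constructed) values; use the constants from your own script.
EXTERNAL_INTERFACE="eth0"
DMZ_INTERFACE="eth1"
DMZ_WEB_SERVER="192.168.1.3"

# has RULE TOKENS: true if TOKENS appears in RULE as whole words.
has() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# Read `iptables -S FORWARD` lines on stdin and print every external -> DMZ
# ACCEPT rule that admits new connections to anything other than
# tcp port 80 or 443 on $DMZ_WEB_SERVER.
unexpected_inbound() {
    while IFS= read -r rule; do
        has "$rule" "-i $EXTERNAL_INTERFACE" && has "$rule" "-o $DMZ_INTERFACE" \
            && has "$rule" "-j ACCEPT" || continue
        # Rules limited to established traffic do not open anything new.
        case " $rule " in
            *" --state "*NEW*) ;;
            *" --state "*) continue ;;
        esac
        if has "$rule" "-d $DMZ_WEB_SERVER/32" && has "$rule" "-p tcp"; then
            has "$rule" "--dport 80" && continue
            has "$rule" "--dport 443" && continue
        fi
        printf '%s\n' "$rule"
    done
    return 0
}

# Constructed sample in `iptables -S` format: the last two rules are strays.
sample_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.3/32 -i eth0 -o eth1 -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -d 192.168.1.3/32 -i eth0 -o eth1 -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.1.2/32 -i eth1 -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -d 192.168.1.3/32 -i eth0 -o eth1 -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | unexpected_inbound
```

On the gateway, feed it the live rules with `iptables -S FORWARD | unexpected_inbound`; rules written with the multiport match are also reported and need a manual look.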
