Many DMZ

Discussion in 'DD-WRT Firmware' started by xpanmanx, Apr 3, 2007.

  1. xpanmanx

    xpanmanx Network Guru Member

    Greetings,

    I'm running SP2 micro as a front firewall. The back firewall is ISA 2006. I'm bridging SSL through the ISA to a private host.

    I need to add a second web listener on the ISA to build a bridge to another host. So I'll need to route two public IPs to separate hosts in the DMZ. Is SP2 micro capable of this?

    Thanks --
     
  2. xpanmanx

    xpanmanx Network Guru Member

    Bump

    Restated: I want to add a 2nd public IP and route that traffic to a 2nd DMZ host. The IP and the route have to be durable.

    Can this be done through the GUI?

    If it's a CLI kind of thing, well, a Unix acquaintance mumbled something to me about IP aliasing, IPtables and rc.local, but then he left for the weekend. I'm pretty novice with Unix so I could use the help, if someone can spare the time.

    Best regards,

    Tim ==
     
  3. xpanmanx

    xpanmanx Network Guru Member

    HAPPY DANCE

    The answer to my little riddle lay in several posts on the DD-WRT forum. Here's what I ended up doing:

    Administration:Commands:Startup
    ifconfig vlan1:1 aaa.bbb.ccc.ddd netmask 255.255.255.248 broadcast xxx.xxx.xxx.xxx
    (where aaa.bbb.ccc.ddd is the desired public address)

    Administration:Commands:Firewall
    /usr/sbin/iptables -I FORWARD -d uuu.xxx.yyy.zzz -j ACCEPT
    /usr/sbin/iptables -t nat -I PREROUTING 1 -p all -d aaa.bbb.ccc.ddd -j DNAT --to uuu.xxx.yyy.zzz
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s uuu.xxx.yyy.zzz -j SNAT --to aaa.bbb.ccc.ddd
    (where uuu.xxx.yyy.zzz is the desired private address)

    .
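Added example, not part of the original post or of DD-WRT: a small generator that prints the Startup and Firewall lines for several public-to-private mappings, forwarding one TCP port per host instead of `-p all` and rejecting malformed addresses before they reach a rule. The addresses (documentation and private ranges), the broadcast value, port 443, the `-o vlan1` match and the function names are assumptions of this example.

```shell
# Added example, not from the thread. Prints (does not run) the Startup and
# Firewall commands for several public -> private mappings, one TCP port each.
WAN_IF="vlan1"              # WAN interface name used in the thread
NETMASK="255.255.255.248"   # netmask used in the thread
BROADCAST="203.0.113.15"    # constructed: broadcast of 203.0.113.8/29
IPT="/usr/sbin/iptables"    # path used in the thread
# Constructed mappings, one per line: alias-number public private tcp-port
MAPPINGS="1 203.0.113.10 192.168.1.10 443
2 203.0.113.11 192.168.1.11 443"

# Succeed only for a dotted quad of four octets 0-255 without leading zeros
# (some parsers read a leading zero as octal).
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only if $1 is a decimal number (max 5 digits) with $2 <= $1 <= $3.
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Startup box: add public address $2 as alias number $1 on the WAN interface.
startup_cmd() {
    in_range "$1" 0 99999 && valid_ipv4 "$2" || return 1
    echo "ifconfig $WAN_IF:$1 $2 netmask $NETMASK broadcast $BROADCAST"
}

# Firewall box: forward only TCP port $3 from public $1 to private $2, and
# source-NAT that host's outbound traffic to the same public address.
firewall_cmds() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && in_range "$3" 1 65535 || return 1
    echo "$IPT -t nat -I PREROUTING -p tcp -d $1 --dport $3 -j DNAT --to-destination $2"
    echo "$IPT -I FORWARD -p tcp -d $2 --dport $3 -j ACCEPT"
    echo "$IPT -t nat -I POSTROUTING -o $WAN_IF -s $2 -j SNAT --to-source $1"
}

# Print one section ("startup" or "firewall") for every mapping.
generate() {
    echo "$MAPPINGS" | while read -r n pub priv port; do
        if [ "$1" = startup ]; then startup_cmd "$n" "$pub"
        else firewall_cmds "$pub" "$priv" "$port"; fi || exit 1
    done
}
generate startup && generate firewall
```

Review the printed lines before pasting each section into its box; nothing is applied by the script itself.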
     