
Many DMZ

Discussion in 'DD-WRT Firmware' started by xpanmanx, Apr 3, 2007.

  1. xpanmanx

    xpanmanx Network Guru Member

    Greetings,

    I'm running SP2 micro as a front firewall. The back firewall is ISA 2006. I'm bridging SSL through the ISA to a private host.

    I need to add a second web listener on the ISA to build a bridge to another host. So I'll need to route two public IPs to separate hosts in the DMZ. Is SP2 micro capable of this?

    Thanks --
     
  2. xpanmanx

    xpanmanx Network Guru Member

    Bump

    Restated: I want to add a 2nd public IP and route that traffic to a 2nd DMZ host. The IP and the route have to be durable.

    Can this be done through the GUI?

    If it's a CLI kind of thing, well, a Unix acquaintance mumbled something to me about IP aliasing, IPtables and rc.local, but then he left for the weekend. I'm pretty novice with Unix so I could use the help, if someone can spare the time.

    Best regards,

    Tim ==
     
  3. xpanmanx

    xpanmanx Network Guru Member

    HAPPY DANCE

    The answer to my little riddle lay in several posts on the DD-WRT forum. Here's what I ended up doing...

    Administration:Commands:Startup
    ifconfig vlan1:1 aaa.bbb.ccc.ddd netmask 255.255.255.248 broadcast xxx.xxx.xxx.xxx
    (where aaa.bbb.ccc.ddd is the desired public address)

    Administration:Commands:Firewall
    /usr/sbin/iptables -I FORWARD -d uuu.xxx.yyy.zzz -j ACCEPT
    /usr/sbin/iptables -t nat -I PREROUTING 1 -p all -d aaa.bbb.ccc.ddd -j DNAT --to uuu.xxx.yyy.zzz
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s uuu.xxx.yyy.zzz -j SNAT --to aaa.bbb.ccc.ddd
    (where uuu.xxx.yyy.zzz is the desired private address)

    .
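
The Firewall rules in the post above use `-p all`, so every protocol and port sent to the public address reaches the DMZ host. As an added example (not part of the original post), this sketch prints the same three-rule pattern limited to listed TCP ports for pasting into Administration:Commands:Firewall. It assumes `vlan1` is the WAN interface (from the post's `vlan1:1` alias) and that the bridged SSL listener uses TCP 443; the addresses are constructed samples.

```shell
#!/bin/sh
# Added example: prints port-restricted 1:1 NAT rules; it does not run iptables.
WAN_IF=${WAN_IF:-vlan1}   # assumption: WAN interface, from the post's vlan1:1 alias

valid_ipv4() {
    # Accept only four dot-separated decimal octets, each 0..255.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    # Accept only a decimal TCP port in 1..65535.
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: emit_nat_rules PUBLIC_IP PRIVATE_IP TCP_PORT [TCP_PORT...]
emit_nat_rules() {
    [ $# -ge 3 ] || { echo "usage: emit_nat_rules PUBLIC PRIVATE PORT..." >&2; return 2; }
    pub=$1; priv=$2; shift 2
    valid_ipv4 "$pub" && valid_ipv4 "$priv" || { echo "invalid IPv4 address" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "invalid TCP port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # Inbound: translate and allow only the listed TCP ports.
        echo "/usr/sbin/iptables -I FORWARD -p tcp -d $priv --dport $port -j ACCEPT"
        echo "/usr/sbin/iptables -t nat -I PREROUTING 1 -p tcp -d $pub --dport $port -j DNAT --to-destination $priv"
    done
    # Outbound: the DMZ host leaves the WAN side with its own public address.
    echo "/usr/sbin/iptables -t nat -I POSTROUTING 1 -o $WAN_IF -s $priv -j SNAT --to-source $pub"
}

# Constructed sample values (documentation address range), not from the post.
emit_nat_rules 203.0.113.10 192.168.1.20 443
```

Inputs are validated before any rule is printed, so a malformed address or port yields no partial rule set to paste.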
     
