
Many DMZ

Discussion in 'DD-WRT Firmware' started by xpanmanx, Apr 3, 2007.

  1. xpanmanx

    xpanmanx Network Guru Member


    I'm running SP2 micro as a front firewall. The back firewall is ISA 2006. I'm bridging SSL through the ISA to a private host.

    I need to add a second web listener on the ISA to build a bridge to another host. So I'll need to route two public IPs to separate hosts in the DMZ. Is SP2 micro capable of this?

    Thanks --
  2. xpanmanx

    xpanmanx Network Guru Member


    Restated: I want to add a 2nd public IP and route that traffic to a 2nd DMZ host. The IP and the route have to be durable.

    Can this be done through the GUI?

    If it's a CLI kind of thing, well, a Unix acquaintance mumbled something to me about IP aliasing, IPtables and rc.local, but then he left for the weekend. I'm pretty novice with Unix so I could use the help, if someone can spare the time.

    Best regards,

    Tim ==
  3. xpanmanx

    xpanmanx Network Guru Member


    The answer to my little riddle lay in several posts on the DD-WRT forum. Here's what I ended up doing.......

    ifconfig vlan1:1 aaa.bbb.ccc.ddd netmask broadcast xxx.xxx.xxx.xxx
    (where aaa.bbb.ccc.ddd is the desired public address)

    /usr/sbin/iptables -I FORWARD -d uuu.xxx.yyy.zzz -j ACCEPT
    /usr/sbin/iptables -t nat -I PREROUTING 1 -p all -d aaa.bbb.ccc.ddd -j DNAT --to uuu.xxx.yyy.zzz
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s uuu.xxx.yyy.zzz -j SNAT --to aaa.bbb.ccc.ddd
    (where uuu.xxx.yyy.zzz is the desired private address)
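An added example, not part of the original post or of DD-WRT: the rules above forward every protocol and port (`-p all`) to the private host, while this script prints the same DNAT/SNAT pattern narrowed to named TCP ports (443 for the SSL bridge described in the thread) after validating its inputs. The function names and the addresses 203.0.113.10 and 192.168.1.20 are constructed for illustration, and the `ifconfig` alias step is not covered.

```shell
#!/bin/sh
# Added example: print (do not run) 1:1 NAT rules limited to chosen TCP ports.
# Function names and sample addresses are constructed for illustration.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_port N: succeed only for an integer in 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# nat_rules PUBLIC_IP PRIVATE_IP PORT...: print the rule set, or return 1.
nat_rules() {
    [ "$#" -ge 3 ] || { echo "usage: nat_rules PUBLIC PRIVATE PORT..." >&2; return 1; }
    pub=$1; priv=$2; shift 2
    is_ipv4 "$pub" && is_ipv4 "$priv" || { echo "bad address" >&2; return 1; }
    for port in "$@"; do
        is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    ipt=/usr/sbin/iptables   # path as used in the post
    for port in "$@"; do
        # Inbound: only this TCP port on the public address reaches the host.
        echo "$ipt -I FORWARD -p tcp -d $priv --dport $port -j ACCEPT"
        echo "$ipt -t nat -I PREROUTING -p tcp -d $pub --dport $port -j DNAT --to-destination $priv:$port"
    done
    # Outbound: connections the host starts leave from its public address.
    echo "$ipt -t nat -I POSTROUTING -s $priv -j SNAT --to-source $pub"
}

# Constructed sample: HTTPS only, documentation-range public address.
nat_rules 203.0.113.10 192.168.1.20 443
```

The script only prints the commands so they can be reviewed before being run on the router.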

