[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] DMZ Setup is killing me!!



Quoting Mike Branda <mike@xxxxxxxxxxxxx>:
>
> O.K.  I'm about to give up.  I've been messing with the setup for
> SuSEfirewall2 which is apparently a niced up front end to IPTABLES.  I'm
> trying to get a DMZ up so when I have to fix something on our renderfarm
> at 3 AM I can do it from home through ssh.   [snip]

I don't quite understand why you're setting up a DMZ.  There is a much simpler
way of accomplishing this:

FW_SERVICES_EXT_TCP="ssh"

This will allow you to ssh into the firewall box from the internet.  From there,
you can then ssh into whichever internal IP address that needs fixing.  It's
far safer than opening up a DMZ to any of your internal machines...

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here