routing rules for dmz in debian router.

Thread Tools Search this Thread
Operating Systems Linux routing rules for dmz in debian router.
# 1  
Old 07-24-2009
routing rules for dmz in debian router.

Hi to all.
There are eth0(wan) eth1(lan) and eth3(dmz) in my debian router.
# uname -a
Linux internet 2.6.26-1-686 #1 SMP Sat Jan 10 18:29:31 UTC 2009 i686 GNU/Linux
In dmz is planing dns, ad, dhcp, smtp/pop/imap, https(web-based imap client). I don't configured rules on "iptables" and "route" loads for right relation lan clients with dmz services.

Please explain me example basic rules in that situation.
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Debian As A Router [Not Assigning IPs]

I've been trying to set up an old desktop as a wifi router. I've looked at a lot of information online, but mostly this: I've gotten where I can see the ssid from my phone and laptop. However, it starts to connect, but never receives... (1 Reply)
Discussion started by: Azrael
1 Replies

2. IP Networking

Dual Router (routing problem)

This is the network configuration I have: +-------------------------------------------------+ +===========+ | | | | | INTERNET |---| LINUXBOX2 | ... (4 Replies)
Discussion started by: matteo
4 Replies

3. UNIX for Dummies Questions & Answers

Remote Unix printing to my WinXP works with no router. How can I make it work through my router?

I set up remote printing on a clients Unix server to my Windows XP USB printer. My USB printer is connected directly to my PC (no print server and no network input on printer). With my Win XP PC connected to my cable modem (without the router), i can do lp -dhp842c /etc/hosts and it prints. I... (7 Replies)
Discussion started by: jmhohne
7 Replies

4. UNIX for Advanced & Expert Users

Firewall - 2 Internet accesses - routing rules from source

Hello, I would like to modify my firewall configuration for being able to handle 2 internet connections in my Red zone. I would then like to configure some selecting routing rules depending on the internal source. Actual configuration: ===================== 1 router A (ISP)... (1 Reply)
Discussion started by: el70
1 Replies
Login or Register to Ask a Question
dibbler-relay(8)						      Dibbler							  dibbler-relay(8)

dibbler-relay - a portable DHCPv6 relay DESCRIPTION
dibbler-relay is a portable implementation of the DHCPv6 relay. DHCPv6 relays are proxies, which allow one server to support links, which server is not directly connected to. There are ports available for Linux 2.4/2.6 systems as well as MS Windows XP and 2003. They are freely available under GNU GPL version 2 (or later) license. SYNOPSIS
dibbler-relay [ run | start | stop | status ] OPTIONS
run - starts relay in the console. Relay can be closed using ctrl-c. start - starts relay in daemon mode. stop - stops running relay. status - shows status of the relay. EXAMPLES
Relay forwards DHCPv6 messages between interfaces. Messages from client are encapsulated and forwarded as RELAY_FORW messages. Replies from server are received as RELAY_REPL message. After decapsulation, they are being sent back to clients. It is vital to inform server, where this relayed message was received. DHCPv6 does this using interface-id option. This identifier must be unique. Otherwise relays will get confused when they will receive reply from server. Note that this id does not need to be alligned with system interface id (ifindex). Think about it as "ethernet segment identifier" if you are using Ethernet network or as "bss identifier" if you are using 802.11 network. Let's assume this case: relay has 2 interfaces: eth0 and eth1. Clients are located on the eth1 network. Relay should receive data on that interface using well-known ALL_DHCP_RELAYS_AND_SERVER multicast address (ff02::1:2). Relay also listens on its global address 2000::123. Packets received on the eth1 should be forwarded on the eth0 interface, also using multicast address: log-level 8 log-mode short iface eth0 { server multicast yes } iface eth1 { client multicast yes client unicast 2000::123 interface-id 1000 } Here is another exmaple. This time messages should be forwarded from eth1 and eth3 to the eth0 interface (using multicast) and to the eth2 interface (using server's global address 2000::546). Also clients must use multicasts (the default approach): iface eth0 { server multicast yes } iface eth2 { server unicast 2000::456 } iface eth1 { client multicast yes interface-id 1000 } iface eth3 { client multicast yes interface-id 1001 } FILES
All files are created in the /var/lib/dibbler directory. During operation, Dibbler saves various file in that directory. Dibbler relay reads /etc/dibbler/relay.conf file. Log file is named client.log. STANDARDS
This implementation aims at conformance to the following standards: RFC 3315 DHCP for IPv6 RFC 3736 Stateless DHCPv6 BUGS
Bugs are tracked with bugzilla, available at If you belive you have found a bug, don't hesitate to report it. AUTHOR
Dibbler was developed as master thesis on the Technical University of Gdansk by Tomasz Mrugalski and Marek Senderski. Currently Marek has not enough free time, so this project is being developed by Tomasz Mrugalski. Author can be reached at SEE ALSO
There are dibbler-server(8) and dibbler-client(8) manual pages available. You are also advised to take a look at project website located at As far as authors know, this is the only Windows DHCPv6 stateful implementation available and the only one with relay support. It is also one of two freely available under Linux. The other Linux implementation is available at, but it is rather outdated and seems not being actively developed. GNU
2004-12-11 dibbler-relay(8)