Linux Firewalls, Third Edition

by Steve Suehring, Robert Ziegler
September 2005
Intermediate to advanced
552 pages
13h 30m
English
Sams
Content preview from Linux Firewalls, Third Edition

iptables Firewall for a Choke Firewall from Chapter 6

Chapter 6 built on the standalone firewall example to develop either a gateway or a choke firewall. The gateway separated the Internet from the DMZ. The choke separated the DMZ from the LAN. The two firewalls were largely identical in terms of what they forwarded. They differed in that the gateway host didn't host any services, whereas the choke firewall did for the LAN.

NAT wasn't used in the Chapter 6 sample scripts. A private Class C network block was divided between the DMZ and LAN as a demonstration, and the assumption was made that both networks' address spaces were not within the private address space. The forward rules perform the actual firewall filtering. The nat table is used to ...

ISBN: 0672327716