server in DMZ

Jason Opperisano opie at
Thu Sep 2 05:04:56 CEST 2004

On Wed, 2004-09-01 at 22:50, Payal Rathod wrote:
> Hi,
> I have a small webserver in DMZ at where we load our designs.
> I want to allow access to its port 80 only from local LAN (via. a squid 
> proxy on the gateway machine) and my client's office at 

i assume the squid proxy can already fetch content from the web server
in the DMZ for your LAN--if this is not the case, please post your
current rules:

  iptables -vnL && iptables -t nat -vnL && iptables -t mangle -vnL

allowing access from the outside:

iptables -A FORWARD -i $extIf -o $dmzIf -p tcp --syn \
  -s --sport 1024:65535 -d --dport 80 \

> Right now I can see it from all over the world, but I do want to restrict 
> the access. Remember that as now I want to continue accessing the DMZ machine 
> using its public IP and not just IP even from inside the LAN.
> What do I do in such case?

looks like the topic of the week is split-dns...


Jason Opperisano <opie at>
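A complete version of the rule set sketched in the reply above, added here as an example and not taken from the thread: it keeps the FORWARD rule for the client's office, adds the ESTABLISHED/RELATED, log and default-drop rules the reply leaves out, and allows the squid proxy on the gateway to reach the server via OUTPUT. Interface names and addresses are placeholders, not values from the thread.

```shell
#!/bin/sh
# Restrict port 80 on a DMZ web server to the gateway's squid proxy
# (which fronts the LAN) and one external client network.
# Set IPT=echo to print the rules instead of loading them (dry run).
IPT="${IPT:-iptables}"

dmz_web_rules() {
    extIf="$1"      # internet-facing interface, e.g. eth0
    dmzIf="$2"      # interface towards the DMZ, e.g. eth1
    gwIp="$3"       # gateway address on the DMZ side (squid runs here)
    webSrv="$4"     # DMZ web server address
    clientNet="$5"  # client's office network, e.g. 203.0.113.0/24

    # dedicated chain so the web-server policy can be reloaded on its own
    $IPT -N DMZ_WEB 2>/dev/null
    $IPT -F DMZ_WEB

    # 1. packets belonging to connections already accepted
    $IPT -A DMZ_WEB -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 2. new connections from the client's office only (the rule from the reply)
    $IPT -A DMZ_WEB -i "$extIf" -o "$dmzIf" -p tcp --syn \
        -s "$clientNet" --sport 1024:65535 -d "$webSrv" --dport 80 -j ACCEPT

    # 3. anything else aimed at port 80 on the server is logged and dropped,
    #    so "visible from all over the world" becomes visible to the log only
    $IPT -A DMZ_WEB -o "$dmzIf" -p tcp -d "$webSrv" --dport 80 \
        -m limit --limit 5/min -j LOG --log-prefix "dmz-web-denied: "
    $IPT -A DMZ_WEB -o "$dmzIf" -p tcp -d "$webSrv" --dport 80 -j DROP

    # hook the chain into FORWARD; LAN users go through squid on the
    # gateway, whose own connections leave via OUTPUT, not FORWARD
    $IPT -I FORWARD -j DMZ_WEB
    $IPT -A OUTPUT -o "$dmzIf" -p tcp -s "$gwIp" -d "$webSrv" --dport 80 -j ACCEPT
}
```

Source the file and call dmz_web_rules with your own interfaces and addresses; with IPT=echo in the environment it only prints the rules it would load.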

