Creating a simple NAT and DMZ firewall
In this recipe, we will create a simple NAT firewall with DMZ using iptables.
Getting ready
Besides having a Terminal open, you need to ensure that iptables is installed on your machine.
How to do it…
We will write a script to set up a DMZ using iptables. Create a dmz_iptables.sh script and write the following code in it:
#!/bin/bash
# set the default policy to DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# to configure the system as a router, enable ip forwarding
sysctl -w net.ipv4.ip_forward=1

# allow traffic from internal (eth0) to DMZ (eth2)
iptables -t filter -A FORWARD -i eth0 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow traffic from internet (ens33) to DMZ (eth2)
iptables -t filter -A FORWARD -i ens33 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -i eth2 -o ens33 -m state...
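The same DMZ policy as an added example, not the book's own script: written in iptables-restore format so the whole ruleset loads atomically and re-running it replaces rather than duplicates rules, with a text-level check that the DMZ can never open connections into the internal LAN. Assumptions not in the recipe: the conntrack match replaces the older state match, loopback and reply traffic to the router itself are permitted so loading over SSH does not cut the session, and the NAT table carries an outbound MASQUERADE on ens33 for the "NAT" part of the title.

```shell
#!/bin/sh
# Added example, not the recipe's own script: the recipe's DMZ policy in
# iptables-restore format (atomic, re-runnable), plus the NAT table the
# recipe's title implies (outbound MASQUERADE on ens33 is an assumption).
# Interfaces as in the recipe: eth0 = internal LAN, eth2 = DMZ, ens33 = internet.
LAN=eth0; DMZ=eth2; WAN=ens33

# Print the complete ruleset. INPUT/OUTPUT stay DROP as in the recipe, but
# loopback and reply traffic to the router itself are allowed so that
# loading the rules over SSH does not cut the session.
dmz_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# internal -> DMZ may open connections; DMZ -> internal only answers them
-A FORWARD -i $LAN -o $DMZ -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $DMZ -o $LAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# internet -> DMZ may open connections; DMZ -> internet only answers them
-A FORWARD -i $WAN -o $DMZ -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $DMZ -o $WAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# internal -> internet through NAT (assumption: not shown in the recipe)
-A FORWARD -i $LAN -o $WAN -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN -o $LAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
EOF
}

# Text-level policy check to run before loading: no rule may let the DMZ
# open NEW connections toward the internal LAN. Exit 0 = isolation holds.
dmz_isolated() {
    ! dmz_ruleset | grep -e "-i $DMZ -o $LAN" | grep -q NEW
}

# Load as root; newer iptables accept "iptables-restore --test" for a dry run.
# dmz_ruleset | iptables-restore
```

The check only inspects the generated text, so it catches an edit that accidentally adds NEW to the DMZ-to-LAN rule before anything touches the kernel.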