Enable DMZ for Public IP


Setting up a DMZ for a public IP address forwards all traffic addressed to that public IP address to a private IP address. Likewise, all traffic from the private IP address is rewritten so that it is sent from the public IP. To enable DMZ for an IP address, first SSH to the WiDirect and run these commands:

su -
emacs /etc/sysconfig/iptables

Towards the bottom of that file you will see lines that look like this:

*nat
:OUTPUT ACCEPT [401:23400]
:POSTROUTING ACCEPT [375:21730]
:PREROUTING ACCEPT [144:12599]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT

You will want to add two additional lines before the COMMIT line. The following example redirects all traffic addressed to 74.103.39.7 to 172.16.1.10:

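*nat
:OUTPUT ACCEPT [401:23400]
:POSTROUTING ACCEPT [375:21730]
:PREROUTING ACCEPT [144:12599]
# Per-host SNAT goes above the catch-all MASQUERADE: the first matching rule wins
-A POSTROUTING -s 172.16.1.10 -o eth0 -j SNAT --to-source 74.103.39.7
-A POSTROUTING -o eth0 -j MASQUERADE
# Forward everything addressed to the public IP to the private host
-A PREROUTING -d 74.103.39.7 -i eth0 -j DNAT --to-destination 172.16.1.10
COMMIT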

To save and exit that file press Control-X followed by Control-C. Restart the firewall by running these commands:

service iptables restart
service awicp_client restart

You will also need to add a subinterface with the desired IP on eth0. On the Network & Routing page click the button to add the subinterface. Enter the desired IP and subnet mask to create it.

It may also be a good idea to add the user to the trusted user list in the firewall configuration. That way the user will not be disconnected by the firewall.
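
iptables walks a chain in order and stops at the first rule whose terminating target (MASQUERADE, SNAT, DNAT) matches, so a per-host SNAT rule only takes effect when it sits above the catch-all MASQUERADE rule. The check below is an added example, not part of the original page or of WiDirect's software: it parses the nat section of an iptables-save style file and reports SNAT rules hidden behind an earlier MASQUERADE. The function names are hypothetical and the two sample rulesets are constructed from the addresses used above.

```python
import shlex

def nat_rules(ruleset, chain):
    """Return the -A rules for `chain` from the *nat section of iptables-save text."""
    rules, in_nat = [], False
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_nat = (line == "*nat")
        elif line == "COMMIT":
            in_nat = False
        elif in_nat and line.startswith("-A "):
            tokens = shlex.split(line)
            if tokens[1] == chain:
                rules.append(tokens[2:])
    return rules

def opt(tokens, flag):
    """Value following `flag` in a rule, or None if the rule does not use it."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def shadowed_snat(ruleset):
    """SNAT rules that can never match because an earlier MASQUERADE rule,
    whose only match is the same output interface, already terminates."""
    catch_all_ifaces, dead = set(), []
    for rule in nat_rules(ruleset, "POSTROUTING"):
        target, iface = opt(rule, "-j"), opt(rule, "-o")
        if target == "MASQUERADE" and rule == ["-o", iface, "-j", "MASQUERADE"]:
            catch_all_ifaces.add(iface)
        elif target == "SNAT" and iface in catch_all_ifaces:
            dead.append((opt(rule, "-s"), opt(rule, "--to-source")))
    return dead

# Constructed samples (not captured from a real device), using this page's addresses.
HEADER = "*nat\n:OUTPUT ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n:PREROUTING ACCEPT [0:0]\n"
MASQ = "-A POSTROUTING -o eth0 -j MASQUERADE\n"
SNAT = "-A POSTROUTING -s 172.16.1.10 -o eth0 -j SNAT --to-source 74.103.39.7\n"
DNAT = "-A PREROUTING -d 74.103.39.7 -i eth0 -j DNAT --to-destination 172.16.1.10\n"
SNAT_AFTER = HEADER + MASQ + DNAT + SNAT + "COMMIT\n"   # SNAT appended at the end
SNAT_FIRST = HEADER + SNAT + MASQ + DNAT + "COMMIT\n"   # SNAT above MASQUERADE

if __name__ == "__main__":
    for name, text in (("SNAT after MASQUERADE", SNAT_AFTER), ("SNAT first", SNAT_FIRST)):
        print(name, "->", shadowed_snat(text) or "no shadowed SNAT rules")
```

To check a real file, pass the contents of /etc/sysconfig/iptables to `shadowed_snat` before restarting the firewall; an empty list means no SNAT rule is hidden.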