
DMZ question: msg#00001

org.user-groups.linux.linux-nepal

Subject: DMZ question

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello People,

I'm not sure if the subject for this mail is correct or not.

I have a laptop which is connected to the internet using eth0.
I run a VM of Debian Stable with UML which gets connected to tap0.
Presently I'm masquerading to allow the VM to connect to the internet:
iptables -t nat -A POSTROUTING -s VM-IP -o eth0 -j MASQUERADE
echo "1" > /proc/sys/net/ipv4/ip_forward

I want to keep my VM completely naked to the internet while still keeping my
laptop secure.

Do these iptables rules suffice?

==
iptables -t nat -A POSTROUTING -s VM-IP -o eth0 -j MASQUERADE
echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -A INPUT -i eth0 -d VM-IP -j ACCEPT;
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
==

Thanks,
Ritesh
- --
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
"Necessity is the mother of invention."
"Stealing logic from one person is plagiarism, stealing from many is
research."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENsac4Rhi6gTxMLwRAsQTAJ9kymRRjA0oWmW6NWLDCY2/t/p1qgCfVbjQ
P7B1Jex18H7XySSARf91C64=
=RD10
-----END PGP SIGNATURE-----
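
Added example, not part of the original message: a small Python model of netfilter's filter-table traversal that evaluates the two INPUT rules from the post against constructed packets, to show which chain sees traffic for the laptop and which sees traffic for the VM. The addresses, the sample packets and the ACCEPT default policies are assumptions; the post gives only "VM-IP" and sets no chain policy.

```python
from dataclasses import dataclass

# Constructed addresses: the post only says "VM-IP" and gives no laptop address.
LAPTOP_ADDRS = {"203.0.113.10", "192.168.100.1"}  # laptop's eth0 and tap0 addresses
VM_IP = "192.168.100.2"

@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrived on
    dst: str     # destination after PREROUTING (reverse NAT already applied)
    state: str   # conntrack state: NEW, ESTABLISHED, RELATED or INVALID

# The two filter rules from the post: (chain, in_if, dst, states, target).
POSTED_RULES = [
    ("INPUT", "eth0", VM_IP, None, "ACCEPT"),
    ("INPUT", "eth0", None, {"NEW", "INVALID"}, "DROP"),
]

def chain_for(pkt):
    """Routing decision: locally addressed packets hit INPUT, all others FORWARD."""
    return "INPUT" if pkt.dst in LAPTOP_ADDRS else "FORWARD"

def verdict(pkt, rules=POSTED_RULES, policy="ACCEPT"):
    """Return (chain, target, rule index); index None means the chain policy decided.
    Assumes default policies are ACCEPT, since the post sets none."""
    chain = chain_for(pkt)
    for i, (r_chain, in_if, dst, states, target) in enumerate(rules):
        if r_chain != chain or in_if != pkt.in_if:
            continue
        if dst is not None and dst != pkt.dst:
            continue
        if states is not None and pkt.state not in states:
            continue
        return chain, target, i
    return chain, policy, None

SAMPLES = {  # constructed packets
    "new connection to laptop": Packet("eth0", "203.0.113.10", "NEW"),
    "reply to laptop's own connection": Packet("eth0", "203.0.113.10", "ESTABLISHED"),
    "reply routed on to the VM": Packet("eth0", VM_IP, "ESTABLISHED"),
    "new connection routed to the VM": Packet("eth0", VM_IP, "NEW"),
    "new connection from VM to laptop": Packet("tap0", "192.168.100.1", "NEW"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:34} -> {verdict(pkt)}")
```

In this model the `-d VM-IP` rule in INPUT never matches, because packets routed on to the VM are decided in FORWARD, and packets arriving on tap0 from the VM are not filtered by either rule.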


