Subject: RE: Enhancing my firewall/gateway to add a DMZ
To: None <netbsd-help@netbsd.org>
From: Carleton, Sam (SCI TW) <Sam_Carleton_TW@stercomm.com>
List: netbsd-help
Date: 12/20/2002 14:32:23
-:> > Does anyone have any advice on how to setup the ipfilter
-:> > rules going to the DMZ?
-:> 
-:> The IPF HOW-TO (http://www.obfuscation.org/ipf/)
-:> elaborates quite a bit. Could you be more specific about
-:> what services you want to use?

Well, I guess this was too generic a question...  I currently have my
firewall setup to block EVERYTHING coming in from the Internet and to allow
EVERYTHING out from the Intranet.  The major exception is that I am blocking
all those known bad IP addresses.

I know that I will have to allow in the services I am going to be using
(FTP, SSH, SMTP, HTTP, POP, IMAP) to enter the firewall and be redirected to
the correct machines in the DMZ.  Currently they are being directed to the
said machines in the Intranet.

The question should have been:  What type of rules should I be setting up
with regards to allowing the DMZ access to the firewall?  The simplest would
be the same access as the Intranet, allow everything through.

-:> > routing purposes. In my current firewall, I have not
-:> > mucked with any routing to allow the clients to access the
-:> > Internet.  I have only had to setup IPNat correctly. Will
-:> > this change?
-:> 
-:> Only if any internal network and DMZ network hosts will
-:> communicate using their respective untranslated addresses
-:> i.e. no NAT.  Use of untranslated address may require
-:> enabling IP forwarding.

The client machines will be accessed via untranslated addresses.  So are you
saying that I don't have to muck with the router table, just enable IP
Forwarding?
 
Sam
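As an added illustration, not part of the thread, here is one defender-minded way to answer the DMZ question with IPFilter: give the DMZ the same default-deny treatment as the Internet rather than the "allow everything" policy of the Intranet, and redirect the published services to DMZ hosts in ipnat. Interface names, network ranges and host addresses are assumptions made up for the example.

```text
# /etc/ipf.conf  (assumed: ex0 = Internet, in0 = Intranet 10.0.1.0/24,
#                 dmz0 = DMZ 10.0.2.0/24; all addresses are constructed)

# Internet side: deny inbound by default; replies to our own outbound
# traffic come back through state entries, not through open rules.
block in log on ex0 all
block in log quick on ex0 from 10.0.0.0/8 to any      # private source = spoofed
pass out quick on ex0 proto tcp from any to any flags S keep state
pass out quick on ex0 proto udp from any to any keep state
pass out quick on ex0 proto icmp from any to any keep state
# Published services. rdr in ipnat.conf rewrites the destination before the
# filter sees the packet, so these rules match the DMZ hosts' real addresses.
pass in quick on ex0 proto tcp from any to 10.0.2.10 port = 80 flags S keep state
pass in quick on ex0 proto tcp from any to 10.0.2.11 port = 25 flags S keep state
pass in quick on ex0 proto tcp from any to 10.0.2.12 port = 22 flags S keep state

# DMZ side: these hosts are the ones exposed to the Internet, so a DMZ host
# must never be able to open a connection into the Intranet.
block in log on dmz0 all
block in log quick on dmz0 from 10.0.2.0/24 to 10.0.1.0/24
# Only what the DMZ hosts genuinely need outbound (DNS, and SMTP for the relay).
pass in quick on dmz0 proto udp from 10.0.2.0/24 to any port = 53 keep state
pass in quick on dmz0 proto tcp from 10.0.2.0/24 to any port = 53 flags S keep state
pass in quick on dmz0 proto tcp from 10.0.2.11 to any port = 25 flags S keep state
pass out quick on dmz0 all          # direction control is done on the "in" side

# Intranet side: the existing "allow everything out" policy, kept stateful.
pass in quick on in0 proto tcp from 10.0.1.0/24 to any flags S keep state
pass in quick on in0 proto udp from 10.0.1.0/24 to any keep state
pass in quick on in0 proto icmp from 10.0.1.0/24 to any keep state
pass out quick on in0 all
pass in quick on lo0 all
pass out quick on lo0 all

# /etc/ipnat.conf
# Both segments share the ex0 address for Internet-bound traffic. No map rule
# touches in0 or dmz0, so Intranet <-> DMZ traffic uses untranslated addresses.
map ex0 10.0.1.0/24 -> 0/32 portmap tcp/udp 10000:60000
map ex0 10.0.1.0/24 -> 0/32
map ex0 10.0.2.0/24 -> 0/32 portmap tcp/udp 10000:60000
map ex0 10.0.2.0/24 -> 0/32
# Published services now land on DMZ hosts instead of Intranet machines.
rdr ex0 0.0.0.0/0 port 80 -> 10.0.2.10 port 80 tcp
rdr ex0 0.0.0.0/0 port 25 -> 10.0.2.11 port 25 tcp
rdr ex0 0.0.0.0/0 port 22 -> 10.0.2.12 port 22 tcp

# /etc/sysctl.conf: the kernel must route between in0 and dmz0 for the
# untranslated traffic; no static routes are needed for directly attached nets.
net.inet.ip.forwarding=1
```

Load with `ipf -Fa -f /etc/ipf.conf` and `ipnat -CF -f /etc/ipnat.conf`, and watch `ipmon` for the logged DMZ-to-Intranet blocks, which are the rule most worth alerting on.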