Alternatively, if these are located in the same building, you can consolidate the two gateX boxes into a single firewall with three NICs: 1 connected to the Internet, 1 connected to the DMZ, 1 connected to the local LAN. Then you just write all your rules on a single box. Just be sure to write very specific rules, including the interface and direction (in recv em0 not via em0, for example).
|