[Shorewall-newbies] Current situation, and eventual goals

Francesca C Smith fsmith at ladylinux.com
Thu Dec 4 19:19:34 PST 2003


Ok .. First things first

Your interfaces file reads

net     eth0     routefilter,norfc1918
loc     eth1

It should read

net     eth0    detect  routefilter,norfc1918
loc     eth1    detect

The Third Column is for the broadcast address .. You have the interface 
address there ..

Second Thing .. You need to read the part of the documentation that talks 
about "Multiple External Ethernet Addresses"


Then decide if you want to use Proxyarp .. SNAT, NAT or One To One NAT

Note: Proxyarp is the author's preference ..



At 06:51 PM 12/4/2003, you wrote:
>I have DSL with 5 static IPs.  On one of these IPs, I have a Redhat8
>machine, acting as firewall and service host; this is the routable
>IP address (ETH0).  There is a second NIC (ETH1), which is the
>non-routable IP address.  I would like to allow through ETH0: FTP, web, SSH,
>and DNS (I host multiple websites on IIS (and soon Apache) and would like to
>be able to host my own DNS, instead of relying on a 3rd party).  I would
>like to allow all traffic in both directions through ETH1, as there is a
>hardware firewall in front of the other machines on the network, and
>physical access to the computers is limited to just myself.
>So, for ETH0, I want to allow ports 21, 80, 22, and 53 from net.
>Included is a zip file with the relevant files.  I am able to see the
>default website, so port 80 seems correct.  I am unable to connect with
>command-line FTP from another machine (different routable IP).  I am
>thinking that once I get that resolved, the rest will be a bit clearer.  I
>am afraid that I am putting too much into the policy file.  I hope this is
>somewhat clear, it's been a long day.  Thank you in advance for your help!

"No Problems Only Solutions"
Francesca C. Smith
Lady Linux Internet Services
fsmith at ladylinux.com
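As an added example (not part of the reply above, and not a Shorewall tool), a small lint script that catches the column mistake discussed here: OPTIONS shifted left into the BROADCAST column, or a third column holding a host address instead of a broadcast. The sample files are constructed from the two layouts quoted in the reply; the option-name list is an assumed subset of Shorewall's interfaces OPTIONS, not the full set.

```python
import ipaddress

# Constructed samples: the layout the poster had, and the corrected layout.
BROKEN_INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0     routefilter,norfc1918
loc     eth1
"""
FIXED_INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0    detect  routefilter,norfc1918
loc     eth1    detect
"""

# Assumed subset of /etc/shorewall/interfaces OPTIONS names (not exhaustive).
KNOWN_OPTIONS = {"routefilter", "norfc1918", "dhcp", "tcpflags", "blacklist", "proxyarp"}


def lint_interfaces(text):
    """Return (line number, message) pairs for rows whose columns are misplaced."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()   # strip comments, split on whitespace
        if not cols:
            continue
        if len(cols) < 2:
            findings.append((lineno, "need at least ZONE and INTERFACE"))
            continue
        if len(cols) < 3:
            findings.append((lineno, "BROADCAST column missing; use 'detect' or '-'"))
            continue
        broadcast = cols[2]
        if broadcast in ("detect", "-"):
            pass
        elif all(tok in KNOWN_OPTIONS for tok in broadcast.split(",")):
            # The poster's mistake: OPTIONS shifted left into column 3.
            findings.append((lineno, "OPTIONS found in BROADCAST column; insert 'detect' first"))
        else:
            try:
                addr = ipaddress.IPv4Address(broadcast)
            except ValueError:
                findings.append((lineno, "unrecognised BROADCAST value %r" % broadcast))
            else:
                # Heuristic (assumes a /24 or larger subnet): a broadcast address ends
                # in .255; anything else is most likely the interface's own address.
                if not str(addr).endswith(".255"):
                    findings.append((lineno, "BROADCAST looks like a host address, not a broadcast"))
        unknown = [o for o in cols[3].split(",") if o not in KNOWN_OPTIONS] if len(cols) > 3 else []
        if unknown:
            findings.append((lineno, "unknown OPTIONS: " + ",".join(unknown)))
    return findings
```

Run it against the file before reloading Shorewall; an empty result means every row has all four columns in their expected places.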
