[Shorewall-newbies] Current situation, and eventual goals

Tim Chetelat tim at progfan.com
Thu Dec 4 17:31:03 PST 2003


Yes.  The router/net/firewall device on routable IP 66.134.241.78 is a
separate device that just handles the Windows machines.  The Red Hat 8
server is running Shorewall, and will just provide a firewall for that
machine.

Tim Chetelat
tim at progfan.com 

> -----Original Message-----
> From: Francesca C Smith [mailto:fsmith at ladylinux.com]
> Sent: Thursday, December 04, 2003 4:20 PM
> To: Tim Chetelat
> Cc: shorewall-newbies at lists.shorewall.net
> Subject: Re: [Shorewall-newbies] Current situation, and eventual goals
> 
> Hello,
> 
> Ok .. First things first
> 
> Your interfaces file reads
> 
> net     eth0            66.134.241.74   routefilter,norfc1918
> loc     eth1            192.168.0.74
> 
> 
> It should read
> 
> net     eth0    detect  routefilter,norfc1918
> loc     eth1    detect
> 
> The Third Column is for the broadcast address .. You have the interface
> address there ..
> 
> Second Thing .. You need to read the part of the documentation that talks
> about "Multiple External Ethernet Addresses"
> 
> http://www.shorewall.net/shorewall_setup_guide.htm
> 
> Then decide if you want to use Proxyarp .. SNAT, NAT Or One To One Nat
> 
> Note: Proxyarp is the author's preference ..
> 
> Welcome,
> 
> Francesca
> 
> 
> At 06:51 PM 12/4/2003, you wrote:
> >I have DSL with 5 static IPs.  On one of these IPs, I have a Red Hat 8
> >machine, acting as firewall and service host; 66.134.241.74 is the
> >routable IP address (ETH0).  There is a second NIC (ETH1); 192.168.0.74
> >is the non-routable IP address.  I would like to allow through ETH0: FTP,
> >web, SSH, and DNS (I host multiple websites on IIS (and soon Apache) and
> >would like to be able to host my own DNS, instead of relying on a 3rd
> >party).  I would like to allow all traffic both directions through ETH1,
> >as there is a hardware firewall in front of the other machines on the
> >network, and physical access to the computers is limited to just myself.
> >So, for ETH0, I want to allow ports 21, 80, 22, and 53 from net.
> >
> >Included is a zip file with the relevant files.  I am able to see the
> >default website, so port 80 seems correct.  I am unable to connect with
> >command-line FTP from another machine (different routable IP).  I am
> >thinking that once I get that resolved, the rest will be a bit clearer.
> >I am afraid that I am putting too much into the policy file.  I hope this
> >is somewhat clear, it's been a long day.  Thank you in advance for your
> >help!
> 
> "No Problems Only Solutions"
> Francesca C. Smith
> Lady Linux Internet Services
> fsmith at ladylinux.com
> 
