[Shorewall-newbies] Setup help

Julian Church jc at ljchurch.co.uk
Mon Dec 8 09:25:14 PST 2003


On Sun, 7 Dec 2003 22:23:42 -1000, Dean Takemori <deant at hawaii.rr.com> wrote:

> Hello,
>
> I'm trying to set up shorewall 1.4.8 on an (rpm based) linux 2.4 (ie iptables)
> system.  The box I'm trying to set up has a static IP and has both a
> local network (10.100.200.x) and internet access through a router/gateway
> (10.100.200.128) via the same NIC.
>
> I've tried using the sample two-interface setup as a starting point, but
> I get
>
>     Error: Unable to determine the routes through interface eth1
>
> when shorewall startup gets to "Masqueraded Subnets and Hosts:"
>
> I'm guessing that the two-interface setup is meant for a system with
> two NICs, but I'm at a loss how to configure the above starting from
> the one-interface sample.

Yes, two-interface=two nics.

The setup you're describing is inherently insecure.  Other machines on the 
LAN won't be protected at all.  Having the LAN and WAN on the same 
interface just defeats the point of having shorewall at all, which is why 
you're having trouble finding documentation on the setup you've envisaged.

I strongly recommend you to install the extra NIC - it's only going to be 
a few $.

regards

Julian

-- 
jc at ljchurch.co.uk
www.ljchurch.co.uk

