[Shorewall-newbies] Trying to get shorewall to work inbound. Perhaps arp/routing issues.

Tom Eastep teastep at shorewall.net
Wed Feb 11 16:55:01 PST 2004


On Wednesday 11 February 2004 04:46 pm, Zot O'Connor wrote:
> I have a dsl line with 13 addresses.
>
> They are all in a row, but not in a subnettable block.
>
> On my floppyfw firewall, I have one IP for the outside (REAL_OUT_IP) and
> one for the inside (REAL_INSIDE_IP).  Then it arps the IPs, then routes
> each IP to /32 on the inside nic for each IP to the inside addresses.
>
> I then use ipchains to do the filtering.
>
> I also have a fake IP range that is on the same LAN that I NAT
> outbound.  I have the .1 as an alias to the inside nic.
>
> All of this is pretty much done by hand in the firewall.ini.
>
> So the current router looks like this:
>
> DSL_ISP
>
>
> __|_____________________________________________
> REAL_OUT_IP                    MASQ/NAT to REAL_OUT_IP
> ________________________________________________
> REAL_INSIDE_IP                 FAKE_INSIDE_IP
> ____________________________________________________________
>
>
> LAN Machines (REAL_IPs)   LAN Machines (FAKE_IP)

That is exactly the setup described in 
http://www.shorewall.net/shorewall_setup_guide.html -- have you read that 
document?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net



