[Shorewall-newbies] Trying to get shorewall to work inbound. Perhaps arp/routing issues.

Tom Eastep teastep at shorewall.net
Wed Feb 11 16:55:01 PST 2004

On Wednesday 11 February 2004 04:46 pm, Zot O'Connor wrote:
> I have a dsl line with 13 addresses.
> They are all in a row, but not in a subnettable block.
> On my floppyfw firewall, I have one IP for the outside (REAL_OUT_IP) and
> one for the inside (REAL_INSIDE_IP).  Then it arps the IPs, then routes
> each IP to /32 on the inside nic for each IP to the inside addresses.
> I then use ipchains to do the filtering.
> I also have a fake IP range that is on the same LAN that I NAT
> outbound.  I have the .1 as an alias to the inside nic.
> All of this is pretty much done by hand in the firewall.ini.
> So the current router looks like this:
> __|_____________________________________________
> REAL_OUT_IP                    MASQ/NAT to REAL_OUT_IP
> ________________________________________________
> ____________________________________________________________
> LAN Machines (REAL_IPs)   LAN Machines (FAKE_IP)

That is exactly the setup described in 
http://www.shorewall.net/shorewall_setup_guide.html -- have you read that 

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
