[Shorewall-newbies] Trying to get shorewall to work inbound.
Perhaps arp/routing issues.
teastep at shorewall.net
Fri Feb 13 17:18:31 PST 2004
> In order for FAKE_IP machines to go to REAL_IP machines they bounce off
> the router (FAKE_INSIDE_IP is the FAKE_IP Gateway). So I had to be able
> to define the loc as the hardcoded real_IPs, and the natted subnet
> So now my files look like:
> loc eth1:REAL_IP_BASE3/32
> loc eth1:REAL_IP_BASE4/32
> loc eth1:REAL_IP_BASE5/32
> loc eth1:REAL_IP_BASE6/32
> loc eth1:REAL_IP_BASE7/32
> loc eth1:REAL_IP_BASE8/32
> loc eth1:REAL_IP_BASE9/32
> loc eth1:REAL_IP_BASE10/32
> loc eth1:REAL_IP_BASE11/32
> loc eth1:REAL_IP_BASE12/32
> loc eth1:FAKE_IP_BASE.0/24
> net eth0 REAL_IP_BASE.255 routefilter
> - eth1 REAL_IP_BASE.255,FAKE_IP_BASE.255
> I have in policy
> loc loc ACCEPT
> But isn't loc to loc the default now? I do not remember if it worked
> without it in place.
> If there is a simpler way of doing this please let me know! This way is
> not too "unsimple" for me.
net eth0 REAL_IP_BASE.255 routefilter
loc eth1 REAL_IP_BASE.255,FAKE_IP_BASE.255 routeback
And no /etc/shorewall/hosts file.
You really should try looking at the documentation -- from the
Documentation Index is a link entitled "Routing On One Interface" which
would have helped you considerably (actually, the link near the top of
that page would *really* have helped).
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net