[Shorewall-newbies] Trying to get shorewall to work inbound. Perhaps arp/routing issues.

Tom Eastep teastep at shorewall.net
Fri Feb 13 17:18:31 PST 2004

> In order for FAKE_IP machines to go to REAL_IP machines they bounce off
> the router (FAKE_INSIDE_IP is the FAKE_IP Gateway).  So I had to be able
> to define the loc as the hardcoded real_IPs, and the natted subnet
> (FAKE_IP).
> So now my files look like:
> hosts:
> loc		eth1:REAL_IP_BASE3/32
> loc		eth1:REAL_IP_BASE4/32
> loc		eth1:REAL_IP_BASE5/32
> loc		eth1:REAL_IP_BASE6/32
> loc		eth1:REAL_IP_BASE7/32
> loc		eth1:REAL_IP_BASE8/32
> loc		eth1:REAL_IP_BASE9/32
> loc		eth1:REAL_IP_BASE10/32
> loc		eth1:REAL_IP_BASE11/32
> loc		eth1:REAL_IP_BASE12/32
> loc		eth1:FAKE_IP_BASE.0/24
> interfaces
> net     eth0            REAL_IP_BASE.255          routefilter
> -       eth1            REAL_IP_BASE.255,FAKE_IP_BASE.255
> I have in policy
> loc		loc		ACCEPT
> But isn't loc to loc the default now?  I do not remember if worked
> without it in place.
> If there is a simpler way of doing this please let me know! This way is
> not too "unsimple" for me.


net	eth0	REAL_IP_BASE.s55			routefilter
loc	eth1	REAL_IP_BASE.255,FAKE_IP_BASE.255	routeback
And no /etc/shorewall/hosts file.

You really should try looking at the documentation -- from the
Documentation Index is a link entitled "Routing On One Interface" which
would have helped you considerably (acutally, the link near the top of
that page would have *really* have helped).

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list