[Shorewall-newbies] A DMZ issue with private addresses

Tom Eastep teastep at shorewall.net
Sat Jan 17 08:23:23 PST 2004

On Sat, 17 Jan 2004, Matthew Pozzi wrote:

Basically, you have created a routing nightmare. The only way that I know
of to make this work is to dual-home all of the systems in the DMZ then
use policy routing on those systems so that the outgoing traffic is routed
to the internet via the path that you want (or in some cases, so that
replies return via the path that the request came in on).

Another (simpler) solution is to have a single gateway system for both the
ISDN and ADSL internet links and use policy routing on that gateway to
direct traffic. There are instructions in the Shorewall FAQ (copied
directly from the LARTC Howto).
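
The single-gateway approach described in the message above, sketched as an added example (not taken from the post, the Shorewall FAQ or the Howto it cites). Interface names, addresses, table numbers and rule priorities are all constructed assumptions; the script only prints the iproute2 commands so they can be reviewed before use.

```shell
#!/bin/sh
# Added example: print (not run) iproute2 policy-routing commands for one
# gateway with two uplinks. Every name, address and number is a constructed
# placeholder (RFC 5737 / RFC 1918 ranges).

# Table ids 253-255 are reserved (default, main, local); 0 is unspec.
valid_table() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 252 ]
}

# uplink_rules NAME TABLE IFACE LOCAL_IP NETWORK GATEWAY
# One table per uplink holding its connected network and default route, plus
# a rule so packets sourced from the link's own address leave by that link.
uplink_rules() {
    valid_table "$2" || { echo "bad table id: $2" >&2; return 1; }
    echo "# uplink $1"
    echo "ip route add $5 dev $3 src $4 table $2"
    echo "ip route add default via $6 dev $3 table $2"
    echo "ip rule add from $4 table $2 priority $((1000 + $2))"
}

# steer_source SRC TABLE: send traffic from a DMZ host or subnet out through
# the uplink that owns TABLE. NAT for the private source is left to the firewall.
steer_source() {
    valid_table "$2" || { echo "bad table id: $2" >&2; return 1; }
    echo "ip rule add from $1 table $2 priority $((2000 + $2))"
}

policy_routing_plan() {
    # Internal destinations keep using the main table, so steering a DMZ
    # host does not push its LAN-bound traffic out an uplink.
    echo "ip rule add to 10.0.0.0/16 table main priority 900"
    uplink_rules adsl 10 eth0 192.0.2.2 192.0.2.0/24 192.0.2.1 || return 1
    uplink_rules isdn 20 ippp0 198.51.100.2 198.51.100.0/24 198.51.100.1 || return 1
    steer_source 10.0.1.0/24 10 || return 1    # web hosts via ADSL
    steer_source 10.0.2.25/32 20 || return 1   # mail host via ISDN
    echo "ip route flush cache"
}

policy_routing_plan
```

Review the printed commands, then pipe them to `sh` as root on the gateway once the addresses match the real links.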

