On Saturday 06 March 2004 05:45 am, Aubrey Kilpatrick wrote:
> Hi Tom,

Hello Aubrey,

> I am thinking about putting a "Linksys Etherfast Cable/DSL router" between
> my existing Linux router/firewall box and my cable modem.
> The existing Linux router/firewall (three nics with Shorewall) has been
> working with the cable modem perfectly and is not a problem.

What benefit do you expect from this setup? It isn't obvious to me but then I
haven't looked closely at these little routers.

> My question is will I have to make major changes to my Linux R/F box to put
> the Linksys router between the cable modem and the Linux box?  Does anyone
> on the list presently have such a setup running?

This is an ideal application for the new bridging firewall code (see 
http://www.shorewall.net/2.0/bridge.html). That would require quite a bit of 
change though (including an upgrade to Shorewall 2.0.0-RC1 plus the bridging 
components). Note that while the above URL only talks about a two-port 
bridge, the bridging code supports an arbitrary number of ethernet ports as 
does the Shorewall bridging support.

If you leave your current R/F as a router, the main changes will likely be to 
your addressing. Since the R/F's external interface will have an RFC 1918 
address (the Linksys does SNAT I believe), you will want to remove 
'norfc1918' from your external interface entry in /etc/shorewall/interfaces. 
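
Added example, not part of the original message and not Shorewall's own code: a small check that flags an interface which still carries 'norfc1918' while holding an RFC 1918 address, as it would behind the Linksys, and produces the corrected entry. The column layout (ZONE INTERFACE BROADCAST OPTIONS), the sample file contents and the addresses are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; columns assumed: ZONE INTERFACE BROADCAST OPTIONS
SAMPLE = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp,norfc1918
loc    eth1       detect
dmz    eth2       detect
"""

def parse_interfaces(text):
    """Map each interface name to its list of options."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            opts = fields[3].split(",") if len(fields) >= 4 else []
            entries[fields[1]] = [o for o in opts if o and o != "-"]
    return entries

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def conflicts(text, addresses):
    """Interfaces that set norfc1918 while holding an RFC 1918 address."""
    return sorted(name for name, opts in parse_interfaces(text).items()
                  if "norfc1918" in opts
                  and name in addresses and is_rfc1918(addresses[name]))

def drop_option(text, iface, option="norfc1918"):
    """Return the file text with `option` removed from iface's entry."""
    out = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1] == iface:
            kept = [o for o in fields[3].split(",") if o != option]
            fields = fields[:3] + ([",".join(kept)] if kept else [])
            line = "\t".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    behind_linksys = {"eth0": "192.168.1.100"}  # constructed address
    print("conflicts:", conflicts(SAMPLE, behind_linksys))
    print(drop_option(SAMPLE, "eth0"))
```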

