[Shorewall-newbies] Shorewall and use of multiple IPs

Tom Eastep teastep at shorewall.net
Wed Mar 10 12:32:33 PST 2004


On Tuesday 09 March 2004 12:33 pm, Bill.Light at kp.org wrote:
> I hate it, but I had to resort to ASCII art....here is what I have:
> Assigned by SBC (formerly Pacific Bell) - I can have 5 IP's
>
>
> ******************
> **   Internet   **
> ******************
>        *
>        *
> ******************
> **     SBC      **
> ******************
>        *
>        *
> ******************
> **  Phone Jack  **
> ******************
>        *
>        *
> ******************
> **  DSL Modem   **
> **              **
> **   x.y.z.1    **
> ******************
>        *
>        *
> *******************************
> **   x.y.z.2    eth0         **
> **                           **
> **  Shorewall   10.aa.bb.cc  ********  Internal Lan  *******>>>
> **                           **
> **   192.0.x.x  eth2         **
> *******************************
>        *
>        * DMZ
>        *
> *******************************
> **                           **
> **   x.y.z.3   eth0          **
> **   x.y.z.4   eth0:1        **
> **   x.y.z.5   eth0:2        **
> **   x.y.z.6   eth0:3        **
> **                           **
> *******************************
>
> x.y.z.nn  are REAL IP addresses assigned to me by SBC

Are you saying that you are going to assign 4 IP addresses to the single 
system in the DMZ? I think that's a waste of IP addresses. I would name 
x.y.z.3 mail.my.domain and then make the other names CNAMES pointing to that 
name. You can use Apache's virtual hosting to have individual web sites for 
each of the various domains. That's basically what I do here where I have a 
single server in my DMZ that is known as 'lists.shorewall.net', 
'mail.shorewall.net', 'www1.shorewall.net', ... 

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-newbies mailing list