[Shorewall-users] Quick Start Guide

Dario Lesca d.lesca@ivrea.osra.it
Wed, 10 Apr 2002 09:56:41 +0200


----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>


> Version 1.0 of the Quick Start Guide and accompanying sample
> configurations is available at:
>
> http://www.shorewall.net/shorewall_quickstart_guide.htm.
>
> Comments and suggestions are most welcome.
>
Very useful! ...
... here follow some humble suggestions of mine; you decide whether to
include them or throw them away.

1) --------------
The example "ACCEPT loc dmz:192.168.2.4`tcp 80 - 206.124.146.176"
has a "'" between "4" and "tcp".

2) ----------------
The general format for an ACCEPT rule for port forwarding:

    "ACCEPT net <server zone>:<server local ip address> \
        <protocol> <port> - <dest ip addr>"

should probably be:

    "ACCEPT net <server zone>:<server local ip address>[:<local-port>] \
        <protocol> <dest port> - <dest ip addr>"

3) ----------------
I would suggest adding to the section "Port Forwarding" the following
example, for systems that have one or only a few IPs and must
redirect the same service to several internal hosts:

ACCEPT loc dmz:192.168.2.11:81 tcp 80 - 206.124.146.176
ACCEPT loc dmz:192.168.2.12:82 tcp 80 - 206.124.146.176

The Internet client must connect using:

# links http://206.124.146.176:81

to connect from the Internet to the HTTPD running on 192.168.2.11, and

# links http://206.124.146.176:82

to connect from the Internet to the HTTPD running on 192.168.2.12.

-0-

Thanks

-------
Dario Lesca (d.lesca@osra.it)
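
An added example, not part of the original message or of Shorewall itself: a small Python check that splits rules written in the format from point 2 into named fields and flags two rules that forward the same protocol, external address and port to different servers. The function names, the sample rules and the handling of a missing local port are assumptions made for this illustration.

```python
import ipaddress
from typing import NamedTuple
class Forward(NamedTuple):
    source_zone: str
    server_zone: str
    server_ip: str
    local_port: int  # port on the internal server
    proto: str
    dest_port: int   # port the client connects to
    dest_ip: str     # address the client connects to

def _port(text):
    port = int(text)  # ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port

def parse_forward(rule):
    """Split one rule written in the format from point 2 into named fields."""
    fields = rule.split()
    if len(fields) != 7 or fields[0] != "ACCEPT" or fields[5] != "-":
        raise ValueError(f"not in the expected port-forward format: {rule!r}")
    _, source_zone, server, proto, dest_port, _, dest_ip = fields
    parts = server.split(":")
    if len(parts) not in (2, 3):
        raise ValueError(f"bad server field: {server!r}")
    for addr in (parts[1], dest_ip):
        ipaddress.IPv4Address(addr)  # raises ValueError if malformed
    dport = _port(dest_port)
    # Assumption: with no [:<local-port>], the server port equals the dest port.
    lport = _port(parts[2]) if len(parts) == 3 else dport
    return Forward(source_zone, parts[0], parts[1], lport, proto, dport, dest_ip)

def find_conflicts(rules):
    """Report (proto, dest ip, dest port) keys forwarded to two different servers."""
    seen, conflicts = {}, []
    for rule in rules:
        fwd = parse_forward(rule)
        key = (fwd.proto, fwd.dest_ip, fwd.dest_port)
        target = (fwd.server_ip, fwd.local_port)
        if key in seen and seen[key] != target:
            conflicts.append((key, seen[key], target))
        seen.setdefault(key, target)
    return conflicts

SAMPLE_RULES = [  # constructed for this example
    "ACCEPT net dmz:192.168.2.11:80 tcp 8081 - 206.124.146.176",
    "ACCEPT net dmz:192.168.2.12:80 tcp 8082 - 206.124.146.176",
    "ACCEPT net dmz:192.168.2.13 tcp 8081 - 206.124.146.176",
]
```

Running find_conflicts(SAMPLE_RULES) reports the third rule, because it reuses tcp port 8081 on 206.124.146.176 for a different server than the first rule does.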