[Shorewall-users] Quick Start Guide (fwd)

Paul Gear paulgear@bigfoot.com
Thu, 11 Apr 2002 05:59:45 +1000


Tom Eastep wrote:

> ...
> > Also, I assume my CM is outside the fw and is thus part of the net zone,
> > but I wasn't clear how to define a rule that allowed me to get my browser
> > to connect to its IP (192.168.100.1) to read the status info, given the
> > norfc1918 option.
>
> If you have that requirement then you can't use 'norfc1918'.

Someone developed a recipe for this a while back.  Put this in your
/etc/shorewall/start file:

--------------8<----------------------
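# Source addresses that should bypass the norfc1918 check
IGNORE1918="192.168.100.1,10.192.36.1"

# Insert a RETURN rule at the head of the rfc1918 chain for each address
for addr in $(separate_list "$IGNORE1918"); do
    run_iptables -I rfc1918 -s "$addr" -j RETURN
done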
--------------8<----------------------

Search the archives for an explanation of what it does.

Paul
http://paulgear.webhop.net
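
An added example, not part of the original message or of Shorewall: a dry run of the recipe above that prints the rules it would insert and skips any entry that is not a single RFC 1918 host address. The `separate_list` and `run_iptables` functions here are stand-ins (assumptions) for the Shorewall helpers of the same names; `is_rfc1918_host` and `build_exceptions` are hypothetical names.

```shell
#!/bin/sh
# Stand-ins (assumptions) for the Shorewall helpers used in the recipe:
# split a comma-separated list, and print the command instead of running it.
separate_list() {
    echo "$1" | tr ',' ' '
}

run_iptables() {
    echo "iptables $*"
}

# Return 0 only if $1 is one dotted-quad host inside 10/8, 172.16/12 or 192.168/16.
is_rfc1918_host() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # rejects CIDR masks, names, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Print one rfc1918-chain exception per valid entry of the comma-separated list in $1.
build_exceptions() {
    for addr in $(separate_list "$1"); do
        if is_rfc1918_host "$addr"; then
            run_iptables -I rfc1918 -s "$addr" -j RETURN
        else
            echo "skipping $addr: not a single RFC 1918 host" >&2
        fi
    done
}

# Constructed input: the two addresses from the recipe plus two entries that get skipped.
build_exceptions "192.168.100.1,10.192.36.1,8.8.8.8,192.168.0.0/16"
```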