[Shorewall-users] Routing real external IP's on Lan
Sun, 21 Apr 2002 06:25:38 -0700 (PDT)
On Sun, 21 Apr 2002, Andy wrote:
> Hi All,
> I have a quick question, probably more a router issue, but seeing as I use
> shorewall I thought I would ask the list..
> I currently use shorewall to route my internal lan to the internet, but I
> will shortly be receiving 8 'real' ips.
> Therefore, my question being, can shorewall then route external IP 1, 2,
> 3, 4, 5 from ppp0 (or eth0) to the appropriate machine(s) on the internal
> LAN via
> And, if so, I take it it can act as a firewall over the multiple IPs.
> Probably very simple, but my head gets achey when thinking about multiple
> IP's over the one ethernet interface, well ok two interfaces, but
> you know what I mean.
It will depend on how your ISP is going to handle your 8 addresses. If
they are going to be treated as a /29 subnet then you can't use the first
and last address :-(. You would define your firewall with the second
address as the IP FOR BOTH INTERFACES then specify a subnet mask of
255.255.255.248 on eth1 (and probably 255.255.255.0 on eth1). In this
case, your /etc/shorewall/masq, /etc/shorewall/nat and
/etc/shorewall/proxyarp should all be empty.
If your ISP is just going to give you 8 IP addresses out of a larger
subnet then you can use all 8 addresses and you will want to use Proxy
ARP. See the Documentation and ask for help if you can't figure it out.
> The current connection 'in' to the router is via a speedtouch usb adsl
> modem, but I'm grabbing a router asap (any recommendations?)
Sure -- use your Linux box; you don't need any more router than that.
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
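
The two cases described in the reply above, as an added worked example (not part of the original message and not Shorewall code): it computes the address plan for a routed /29 and builds proxyarp entries for 8 addresses taken from a larger ISP subnet. The 192.0.2.0/24 documentation addresses, the interface names eth0 (external) and eth1 (internal), and the proxyarp column order ADDRESS INTERFACE EXTERNAL HAVEROUTE are assumptions to check against your own setup and Shorewall version.

```python
import ipaddress

def routed_subnet_plan(cidr):
    """Case 1: the ISP routes the 8 addresses to you as a /29 subnet."""
    net = ipaddress.ip_network(cidr)
    hosts = list(net.hosts())  # excludes the network and broadcast addresses
    return {
        "unusable": [net.network_address, net.broadcast_address],
        "netmask": net.netmask,
        "firewall": hosts[0],      # the "second address" of the block
        "lan_hosts": hosts[1:],    # what is left for machines on the LAN
    }

def proxyarp_entries(addresses, isp_cidr, internal="eth1", external="eth0"):
    """Case 2: 8 addresses out of a larger ISP subnet, published via Proxy ARP.

    Returns one line per host for /etc/shorewall/proxyarp (assumed columns:
    ADDRESS INTERFACE EXTERNAL HAVEROUTE). Rejects addresses that cannot be
    assigned to a host inside the ISP subnet.
    """
    isp_net = ipaddress.ip_network(isp_cidr)
    reserved = {isp_net.network_address, isp_net.broadcast_address}
    lines = []
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        if ip not in isp_net:
            raise ValueError(f"{ip} is outside the ISP subnet {isp_net}")
        if ip in reserved:
            raise ValueError(f"{ip} is the network or broadcast address")
        lines.append(f"{ip}\t{internal}\t{external}\tNo")
    return lines

if __name__ == "__main__":
    # Constructed sample input: documentation-range addresses only.
    plan = routed_subnet_plan("192.0.2.32/29")
    print("routed /29: firewall", plan["firewall"], "mask", plan["netmask"])
    print("  LAN hosts:", ", ".join(str(h) for h in plan["lan_hosts"]))
    print("  unusable :", ", ".join(str(h) for h in plan["unusable"]))

    block = [f"192.0.2.{n}" for n in range(40, 48)]
    print("proxy ARP entries (all 8 addresses usable):")
    for line in proxyarp_entries(block, "192.0.2.0/24"):
        print(" ", line)
```

In the routed case only five of the eight addresses remain for LAN machines, while the Proxy ARP case keeps all eight because the network and broadcast addresses belong to the ISP's larger subnet.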