[Shorewall-users] AD-Filter?

dgilleece@optimumnetworks.com dgilleece@optimumnetworks.com
Sat, 12 Jan 2002 15:30:28 -0600 (CST)


Hi all,

I am in the process of setting up a firewall to protect a range of 128 routable 
addresses.  They need to be routable because of this client's need to access 
multiple-vendor VPN systems, using both client-to-subnet connections and subnet-
to-subnet connections, mostly in aggressive mode; thus, likely to be broken by 
NAT.  The documentation and my web searches have shown little in they way of 
example configurations, and not much general discussion on the approach.  I 
realize the NAT'd private address approach is more prevalent, but I'd 
appreciate some background perspective from anyone has implemented such a setup.

My questions:

1.  Are there any example configurations around for this type of setup?
2.  Is the implementation simply a matter of leaving the NAT settings off and 
supplying the proper internal range?
3.  Are any additional/different rules necessary or advisable in such a system?
4.  Any other issues a relative newcomer should be aware of, or background docs 
anyone might point me to?

Many thanks,

Dan