[Shorewall-users] Routable Addresses on Private LAN (WAS: AD-Filter?)

dgilleece@optimumnetworks.com dgilleece@optimumnetworks.com
Sat, 12 Jan 2002 15:42:15 -0600 (CST)

Sorry for incorrect title.  I used reply, and thought I had changed it :/
Something is also freaking out on my end...I have 6 copies of my original 
message forwarded back to me...

----- Forwarded message from dgilleece@optimumnetworks.com -----
Hi all,

I am in the process of setting up a firewall to protect a range of 128 routable
addresses.  They need to be routable because of this client's need to access
multiple-vendor VPN systems, using both client-to-subnet connections and
to-subnet connections, mostly in aggressive mode; thus, likely to be broken by
NAT.  The documentation and my web searches have shown little in the way of
example configurations, and not much general discussion on the approach.  I
realize the NAT'd private address approach is more prevalent, but I'd
appreciate some background perspective from anyone who has implemented such a

My questions:

1.  Are there any example configurations around for this type of setup?
2.  Is the implementation simply a matter of leaving the NAT settings off and
supplying the proper internal range?
3.  Are any additional/different rules necessary or advisable in such a system?
4.  Any other issues a relative newcomer should be aware of, or background docs
anyone might point me to?

Many thanks,


----- End forwarded message -----