Sat, 12 Jan 2002 13:42:56 -0800
On Saturday 12 January 2002 01:30 pm, firstname.lastname@example.org wrote:
> Hi all,
> I am in the process of setting up a firewall to protect a range of 128
> routable addresses. They need to be routable because of this client's
> to access multiple-vendor VPN systems, using both client-to-subnet
> connections and subnet-to-subnet connections, mostly in aggressive mode,
> thus, likely to be broken by NAT. The documentation and my web searches
> have shown little in the way of example configurations, and not much
> general discussion on the approach. I realize the NAT'd private address
> approach is more prevalent, but I'd appreciate some background perspective
> from anyone who has implemented such a setup.
> My questions:
> 1. Are there any example configurations around for this type of setup?
I don't have one since I use NAT and Proxy ARP.
> 2. Is the implementation simply a matter of leaving the NAT settings o
> and supplying the proper internal range?
Yes -- plus, never use "all" in the ADDRESS column in your
> 3. Are any additional/different rules necessary or advisable in such a
Not really -- Shorewall doesn't assume a MASQ or NAT environment so if you
don't specify NAT it doesn't happen.
> 4. Any other issues a relative newcomer should be aware of, or
> background docs anyone might point me to?
Not that I can think of.
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com