[Shorewall-users] LAN server config?
Wed, 30 Jan 2002 06:18:50 -0800
On Wednesday 30 January 2002 02:57 am, Paul Gear wrote:
> Do the requests appear to come from the Internet or the router? (i.e.
> the router do unidirectional NAT or bidirectional NAT?) My guess would
> the former - requests still appear with the true source IP, and your ro
> does the outgoing translation. If that is the case, I think you need t
> zones, one for internal and one for external - the 'loc' and 'net' zone
> provided by default should do the trick. The 'loc' zone would be
> 192.168.0.0/24, and 'net' would be everything else.
> > 3. The server runs a webserver on port 80 and a mailserver/pop3 MTA
> > (both available to the internet and the lan).
> Personally, if you are running standard POP3 over the Internet, I think
> a) crazy,
> b) an ISP, or
> c) both of the above. :-)
> I know users like it, but it really is quite insecure.
Yes -- a VPN solution would definitely be better.
> I don't think it would help. You can do all you want by defining shore
The only thing that I can add is that for NFS, I would open UDP port 111
ALL unpriv UDP ports from the NFS client (your server) to the NFS server
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org