[Shorewall-users] Newbie list question ? Or not ?

Tom Eastep teastep at shorewall.net
Thu Dec 4 12:35:47 PST 2003

On Thu, 2003-12-04 at 12:13, Bill.Light at kp.org wrote:

> Situation -
> I have a working configuration of a Linux box running Shorewall 1.4.8 
> 2.4.20 kernel  (SuSE 9.0 Professional)
> eth0   to another Linux box firewall also running Shorewall 1.4.8  this is 
> how I get to the Internet
> eth1  to  a switch with the rest of my internal network 
> eth2  to work
> All internal traffic comes to this same box because it is my name server 
> and squid server  (behind the "real" firewall)
> I currently get into work with a Citrix client to get to a Terminal Server 
> box...no problem
> What I want:
> to use any other box in my network running citrix to get to work
> i.e.   anything that comes into eth1  with an address of  172.       needs 
> to go out eth2 to work  (NOT eth1 to the Internet)
> It seems I would be able to configure shorewall on this box to re-direct 
> all traffic on that subnet to go out my eth2 interface ...

Isn't this a simple routing problem? I don't understand what barrier
there is preventing you from doing what you want (other than you
probably have to masquerade traffic from eth1 -> eth2).

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-users mailing list