[Shorewall-users] Newbie list question ? Or not ?

Bill.Light at kp.org Bill.Light at kp.org
Thu Dec 4 12:57:49 PST 2003

On Thu, 2003-12-04 at 12:13, Bill.Light at kp.org wrote:

> Situation -
> I have a working configuration of a Linux box running Shorewall 1.4.8 
> 2.4.20 kernel  (SuSE 9.0 Professional)
> eth0   to another Linux box firewall also running Shorewall 1.4.8  this 
> is how I get to the Internet
> eth1  to  a switch with the rest of my internal network 
> eth2  to work
> All internal traffic comes to this same box because it is my name server 
> and squid server  (behind the "real" firewall)
> I currently get into work with a Citrix client to get to a Terminal 
> box...no problem
> What I want:
> to use any other box in my network running citrix to get to work
> i.e.   anything that comes into eth1  with an address of  172. needs 
> to go out eth2 to work  (NOT eth1 to the Internet)
> It seems I would be able to configure shorewall on this box to re-direct 
> all traffic on that subnet to go out my eth2 interface ...

Isn't this a simple routing problem? I don't understand what barrier
there is preventing you from doing what you want (other than you
probably have to masquerade traffic from eth1 -> eth2).



Thanks Tom -

hmmmm  I suppose it is, and yes, it probably does need to be masqueraded 
across the interfaces in this one box....

At least the question was answered....this probably doesn't belong on 
either "shorewall" list

What would that MASQ entry look like ?

eth2:172.x.x.x/24               eth1:192.x.x.x/24               # ?? Maybe 

I guess I can go try various options....

Sigh...  sufficiently talented fool - Bill
