[Shorewall-users] Shorewall as a "commercial" firewall

Mike Fedyk mfedyk at matchmail.com
Fri Sep 3 13:32:01 PDT 2004

Stephen Carville wrote:

>I am considering replacing my old checkpoint and watchguard firewalls with a
>single Linux box using iptables and shorewall.  I have two ISP's (with 
>separate routing tables), two DMZ's, at least one VPN to a remote office, and 
>a local trusted network. The configuration will look like:
>               +----------------+
>               |                |
>net0 ----------+ eth1      eth3 +---- DMZ0 (~20 nodes)
>               |                |
>net1 ----------+ eth2      eth4 +---- DMZ1 (~5 nodes)
>               |       eth0     |
>               +--------+-------+
>                        |
>                        |
>                      Local (~120 nodes) 
>The 1.544 M$ question is can Shorewall handle this kind of a setup?  I've used 
>shorewall for my home network but has anyone out there used it in the kind of 
>environment shown above?

I have a similar setup except with only one DMZ and different ethX 
numbers for each network.

Works great.  I was using FIAIF before, but Shorewall is much simpler to 
set up and still offers more functionality.


