I want to use Shorewall to set up my school network (because the WatchGuard firewall has some problems). The school has one TrendMicro Interscan-VirusWall and one Linux server that includes the sendmail and Apache services. The Interscan-VirusWall receives e-mail through the WatchGuard firewall and then automatically scans it for viruses; if there is no virus problem, it sends the mail to the Linux sendmail service.

Our school has ten public IPs; one public IP has the A record www.abc.com and the MX record abc.com. The WatchGuard firewall is already set to NAT 202.1.2.3:25 to the TrendMicro Interscan-VirusWall at 192.168.0.2:25 and 202.1.2.3:80 to the Linux server (Apache) at 192.168.0.3:80.

In this situation, I don't know how to set this up in Shorewall.

http://tndo.no-ip.com/~wilson/shorewall.jpg

Thanks

On Sunday 16 April 2006 00:03, Wilson Kwok wrote:
>
> In this situation, I don't know how to setup in
> shorewall.
>

I will assume that the Shorewall system has eth0=WAN and eth1=LAN and I will assume that you will specify 'norfc1918' on eth0 in /etc/shorewall/interfaces.

I would do this:

a) In /etc/shorewall/nat:

    202.1.2.3       eth0    192.168.0.3

b) In /etc/shorewall/rules:

    ACCEPT  net     loc:192.168.0.3 tcp     80,443
    DNAT    net     loc:192.168.0.2 tcp     25

That way:

1 Outgoing connections from 192.168.0.3 will SNAT to 202.1.2.3. You will need that if you want to use SPF
2 Incoming http and https connections will be accepted and forwarded to 192.168.0.3.
3 Incoming smtp connections will be accepted and forwarded to 192.168.0.2 (DNAT rules in /etc/shorewall/rules override the address translations defined in /etc/shorewall/nat).

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
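
Added example, not part of the original thread and not Shorewall code: a small Python model of how the nat entry and the two rules in the reply above combine, useful for checking which ports on 202.1.2.3 actually reach which internal host. It assumes a net-to-loc policy of DROP and that a DNAT rule with no ORIGINAL DEST column matches any destination address; all function names are hypothetical.

```python
# Constructed copies of the two fragments from the reply above.
NAT_FILE = "202.1.2.3 eth0 192.168.0.3"
RULES_FILE = """\
ACCEPT net loc:192.168.0.3 tcp 80,443
DNAT   net loc:192.168.0.2 tcp 25
"""
NET2LOC_POLICY = "DROP"  # assumption: the thread does not state the policy


def parse_nat(text):
    """Return {external_ip: internal_ip} from one-to-one NAT entries."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) >= 3:
            table[fields[0]] = fields[2]
    return table


def parse_rules(text):
    """Return (action, dest_ip, proto, ports) tuples for net -> loc rules."""
    rules = []
    for line in text.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 5 and f[1] == "net" and f[2].startswith("loc:"):
            rules.append((f[0], f[2][4:], f[3], {int(p) for p in f[4].split(",")}))
    return rules


def resolve_inbound(dst_ip, proto, port):
    """Model a new connection from the net zone; returns (verdict, host)."""
    nat, rules = parse_nat(NAT_FILE), parse_rules(RULES_FILE)
    # DNAT rules are applied first, so they override the one-to-one mapping.
    # Assumption: with no ORIGINAL DEST column, any destination address matches.
    for action, host, r_proto, ports in rules:
        if action == "DNAT" and r_proto == proto and port in ports:
            return ("ACCEPT", host)
    # Otherwise the nat entry rewrites the destination before filtering.
    host = nat.get(dst_ip, dst_ip)
    for action, r_host, r_proto, ports in rules:
        if (action, r_host, r_proto) == ("ACCEPT", host, proto) and port in ports:
            return ("ACCEPT", host)
    return (NET2LOC_POLICY, host)  # translated, but nothing accepts it


def snat_source(src_ip):
    """Public source address for a loc host, or None if nat does not cover it."""
    reverse = {inside: outside for outside, inside in parse_nat(NAT_FILE).items()}
    return reverse.get(src_ip)
```

In this model, resolve_inbound("202.1.2.3", "tcp", 22) returns ("DROP", "192.168.0.3"): the one-to-one NAT entry translates every port, but only the ACCEPT and DNAT rules open any.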