Dear all,

This is the first posting I make to this group and I need your help with an issue that I am stuck...

I have a SuSE Box with Shorewall 3.2.7 installed, with an ip of 10.0.0.100/255.255.255.0.

There are two networks currently on my box:

loc eth0 10.0.0.0/255.255.255.0
net eth1 192.168.20.0/255.255.255.0

There is a Samba Server running on "loc" with no problems for the loc-domain. eth1 is a network of another company which was added recently, hence the installation of Shorewall to route and filter the two networks. This is done successively.

eth0 and eth1 are configured correctly and work absolutely fine. The two networks are routing packets from one to the other and both of them are interoperating like a charm.

The problem:
I have a DSL router which I want to add. Currently the router has an IP of 10.0.0.138/255.255.255.0.
The router used to be placed on the LAN switcher and the LAN (eth0) had internet this way.
Now though, since I have added the second network (eth1) I had to change the default gw for all the WinXP machines of the lan (eth0) to the ip of the server (10.0.0.100) in order for the packets to flow between eth0 & eth1.

Question:
Is there a way in Shorewall to route all http, pop3, smtp, dns from the LOC (eth0) network to 10.0.0.138, without adding an additional NIC on my server, that is, keeping the DSL modem on the lan-switch??

Thank you all for your replies in advance.

Chris
On Thu, Dec 21, 2006 at 01:59:16PM +0200, Chris Roubekas wrote:
> The problem:
> I have a DSL router which I want to add. Currently the router has an IP
> of 10.0.0.138/255.255.255.0.
> The router used to be placed on the LAN switcher and the LAN (eth0)
> had internet this way.
> Now though, since I have added the second network (eth1) I had to change
> the default gw for all the WinXP machines of the lan (eth0) to the ip of
> the server (10.0.0.100) in order for the packets to flow between eth0 &
> eth1.
>
> Question:
> Is there a way in Shorewall to route all http, pop3, smtp, dns from the
> LOC (eth0) network to 10.0.0.138, without adding an additional NIC on my
> server,
> that is, keeping the DSL modem on the lan-switch??

It should be working already. You're probably missing either a default route or the 'routeback' option in shorewall/interfaces (or both).

However, it might be a marginally better idea to do it like http://www.shorewall.net/Multiple_Zones.html#OneArmed
Yes you are absolutely right Andrew!!

I was forgetting the "routeback" option in my 'interfaces' file. It works like a charm now!!

I will take a look at the Armed link that you provided. I think I like this solution better in terms of security.

Chris

-----Original Message-----
From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Andrew Suffield
Sent: Thursday, December 21, 2006 2:34 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] An unusual question...

On Thu, Dec 21, 2006 at 01:59:16PM +0200, Chris Roubekas wrote:
> The problem:
> I have a DSL router which I want to add. Currently the router has an
> IP of 10.0.0.138/255.255.255.0.
> The router used to be placed on the LAN switcher and the LAN (eth0)
> had internet this way.
> Now though, since I have added the second network (eth1) I had to
> change the default gw for all the WinXP machines of the lan (eth0) to
> the ip of the server (10.0.0.100) in order for the packets to flow
> between eth0 & eth1.
>
> Question:
> Is there a way in Shorewall to route all http, pop3, smtp, dns from
> the LOC (eth0) network to 10.0.0.138, without adding an additional NIC
> on my server, that is, keeping the DSL modem on the lan-switch??

It should be working already. You're probably missing either a default route or the 'routeback' option in shorewall/interfaces (or both).

However, it might be a marginally better idea to do it like http://www.shorewall.net/Multiple_Zones.html#OneArmed
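
The two conditions named in the reply above (a default route, and the 'routeback' option on the interface that carries it), written as a check. This is an added example, not part of the original thread: the file contents and route output are constructed from the addresses in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: diagnose the one-interface setup described in the thread.
# All sample data below is constructed; function names are hypothetical.

# Constructed /etc/shorewall/interfaces (Shorewall 3.x column layout).
SAMPLE_INTERFACES='#ZONE   INTERFACE   BROADCAST   OPTIONS
loc     eth0        detect
net     eth1        detect'

# Same file after adding routeback, which lets traffic that arrived on
# eth0 be forwarded back out of eth0 (here: towards the DSL router).
SAMPLE_INTERFACES_FIXED='#ZONE   INTERFACE   BROADCAST   OPTIONS
loc     eth0        detect      routeback
net     eth1        detect'

# Constructed "ip route show" output for the server.
SAMPLE_ROUTES='10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.100
192.168.20.0/24 dev eth1  proto kernel  scope link
default via 10.0.0.138 dev eth0'

# has_routeback IFACE INTERFACES_TEXT -> exit 0 if IFACE lists routeback
has_routeback() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and blanks
        $2 == ifc {
            n = split($4, opts, ",")           # OPTIONS is comma-separated
            for (i = 1; i <= n; i++) if (opts[i] == "routeback") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# default_route_dev ROUTES_TEXT -> prints the device of the default route
default_route_dev() {
    printf '%s\n' "$1" | awk '
        $1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# diagnose INTERFACES_TEXT ROUTES_TEXT -> prints a single verdict
diagnose() {
    dev=$(default_route_dev "$2")
    if [ -z "$dev" ]; then echo "missing-default-route"; return; fi
    if has_routeback "$dev" "$1"; then echo "ok:$dev"; else echo "missing-routeback:$dev"; fi
}

diagnose "$SAMPLE_INTERFACES" "$SAMPLE_ROUTES"
diagnose "$SAMPLE_INTERFACES_FIXED" "$SAMPLE_ROUTES"
```

On a live system the same functions can be fed `"$(cat /etc/shorewall/interfaces)"` and `"$(ip route show)"` instead of the constructed samples.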