Hi everybody. I have network setup whereby I have RED-Internet,
GREEN-Local, ORANGE-DMZ but also I have branches which getting internet
services and other services at my GREEN-LOCAL and getting web server, email
server from DMZ. So I have sort of Intranet.

My clients from branches and local are getting internet using proxy server
at firewall box?

Apart from Shorewall configuration: there is a script used to run at
start to enable branch network and being routed to DMZ and Internet. If I
remove that script not branch clients being able to get DMZ rather
internet services.

See the routing script:

#########################################
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

 route add -host 255.255.255.255 dev eth1
 route add -net 10.20.33.0 netmask 255.255.255.0 dev eth1
 route add -net 10.6.8.0 netmask 255.255.255.0 dev eth1
 route add -net 10.7.7.0 netmask 255.255.255.0 dev eth1
 route add -net 10.24.6.0 netmask 255.255.255.0 dev eth1
 route add -net 10.20.12.0 netmask 255.255.255.0 dev eth1
 route add -net 10.9.96.0 netmask 255.255.255.0 dev eth1
 route add -net 10.35.13.0 netmask 255.255.255.0 dev eth1

 shorewall restart
#############################################

Thanks in advance guys for helping me
--
with rgds

Marco Salimu
IT Manager
[ P.o. Box 1546]
Mob: +255 784 370294 | +255 715 370294
Tel: +255 27 8218 | Fax: +255 27 8273
Email:
*******************************
marco@seda.or.tz | smarcos2001@yahoo.com
smarcos2001@hotmail.com | marco_salim@wvi.org
Marco.magnus@gmail.com
********************************

Marco,

If all your routes points to the same interface (eth1), why not use just a default router? If there are more routes, please do not consider my advice.

Anyway, for any of us to help, please include more information about the topology of the networks and what you want to achieve cause your description is just too generic.

Flavio

Marco Salimu <marco@seda.or.tz> wrote on 28 Jul 2010, 11:23 AM:
Subject: [Shorewall-users] REF: Intranet-Local to DMZ and Internet Services

>Hi everybody. I have network setup whereby I have RED-Internet,
>GREEN-Local, ORANGE-DMZ but also I have branches which getting internet
>services and other services at my GREEN-LOCAL and getting web server, email
>server from DMZ. So I have sort of Intranet.
>
>My clients from branches and local are getting internet using proxy server
>at firewall box?
>
>
>Apart from Shorewall configuration: there is a script used to run at
>start to enable branch network and being routed to DMZ and Internet. If I
>remove that script not branch clients being able to get DMZ rather
>internet services.
>
>See the routing script:
>
>#########################################
>#!/bin/sh
>#
># This script will be executed *after* all the other init scripts.
># You can put your own initialization stuff in here if you don't
># want to do the full Sys V style init stuff.
>
>touch /var/lock/subsys/local
>
> route add -host 255.255.255.255 dev eth1
> route add -net 10.20.33.0 netmask 255.255.255.0 dev eth1
> route add -net 10.6.8.0 netmask 255.255.255.0 dev eth1
> route add -net 10.7.7.0 netmask 255.255.255.0 dev eth1
> route add -net 10.24.6.0 netmask 255.255.255.0 dev eth1
> route add -net 10.20.12.0 netmask 255.255.255.0 dev eth1
> route add -net 10.9.96.0 netmask 255.255.255.0 dev eth1
> route add -net 10.35.13.0 netmask 255.255.255.0 dev eth1
>
> shorewall restart
>#############################################
>
>Thanks in advance guys for helping me

On 7/28/10 9:07 PM, Flavio Machado wrote:

> Anyway, for any of us to help, please include more information about the
> topology of the networks and what you want to achieve cause your
> description is just too generic.

I agree -- from reading Marco's original post, I couldn't understand what problem he wanted us to help him solve.

I would say, however, that it would be much cleaner to define the routes using his distribution's network configuration tools rather than in a separate init script. That way, if eth1 is taken down and brought back up, the routes would be restored automatically; with the current setup, the separate init script would have to be run again to create the routes.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
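
The suggestion above to move the routes out of the init script, as an added example that is not part of the thread or of Shorewall: a small converter that rewrites the script's `route add` lines as per-interface route entries. It assumes a Red Hat-style `/etc/sysconfig/network-scripts/route-eth1` file whose lines are arguments to `ip route add` (the thread does not name the distribution); the function names are hypothetical.

```sh
# Added example (not from the thread): turn rc.local "route add" lines into
# route-eth1 entries. Red Hat-style layout is an assumption, see lead-in.

# Dotted netmask -> prefix length. Fails on malformed or non-contiguous
# masks: once an octet is not 255, every later octet must be 0.
mask_to_prefix() {
    bits=0; partial=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) return 1 ;;
        esac
        if [ "$partial" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then partial=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Read a script on stdin; print "dest/prefix dev IFACE" for every
# "route add -net|-host ..." command bound to interface $1.
routes_for_iface() {
    want=$1
    while read -r cmd verb kind dest rest; do
        if [ "$cmd" != route ] || [ "$verb" != add ]; then continue; fi
        mask=; dev=; set -- $rest
        while [ $# -ge 2 ]; do
            case $1 in netmask) mask=$2 ;; dev) dev=$2 ;; esac
            shift 2
        done
        case $kind in
            -host) prefix=32 ;;
            -net)  prefix=$(mask_to_prefix "$mask") || continue ;;
            *)     continue ;;
        esac
        if [ "$dev" = "$want" ]; then echo "$dest/$prefix dev $dev"; fi
    done
}

# Constructed input: a few lines taken from the script quoted in the thread.
sample_rc_local() {
    printf '%s\n' 'touch /var/lock/subsys/local' \
        ' route add -host 255.255.255.255 dev eth1' \
        ' route add -net 10.20.33.0 netmask 255.255.255.0 dev eth1' \
        ' route add -net 10.6.8.0 netmask 255.255.255.0 dev eth1' \
        'shorewall restart'
}

sample_rc_local | routes_for_iface eth1
```

Feeding the real init script to `routes_for_iface eth1` and saving the output as the interface's route file lets the interface scripts reinstall the routes whenever eth1 comes up; lines with a bad netmask are skipped rather than guessed.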