Shorewall users - May 2004 - NAT & MASQ

Hello Tom,
I seem to be missing the big picture here.. can you shed some light?

I have a three interface setup loc,dmz, net
I have 4 global addresses that I want to attach to eth0 (net)
address 1 - fw address
address 2- I want to forward to a (loc)router that uses dynamic dns vpn
(gre) (Yamaha router)
address 3 - web server/Bind9  (dmz)forward port 80,443,53
address 4 - mail server (dmz)pop3, smtp

should I use your sample ifup_local script to make the address aliases?
eth0:0 eth0:1..etc

should I use one-to-one nat for address 2 through 4?
I want my loc users to use the fw address for outbound (masq for eth0:0)?
How would you set up the zones for the 4 addresses?

I have read all of your docs.. but the more I read the more confused I get..
I am sure that there are several ways to setup the firewall... can you give
me some direction? I don''t want you to get techinical.. just a basic
overview of what I should do and I can take it from there.. much thanks..
Woody

**Woody** Dan Lamar Woodham Jr wrote:
> I seem to be missing the big picture here.. can you shed some light?
> 
> I have read all of your docs.. but the more I read the more confused I
get..
> I am sure that there are several ways to setup the firewall... can you give
> me some direction? I don''t want you to get techinical.. just a
basic
> overview of what I should do and I can take it from there.. much thanks..
The setup guide (http://shorewall.net/shorewall_setup_guide.htm) gives 
my recommendation for setting up a three-interface firewall with 
mutliple IP addresses.

I would just let Shorewall add the alias for the router in the
''loc''
zone (Proxy ARP doesn''t use aliases) -- see 
http://shorewall.net/Shorewall_and_Aliased_Interfaces.html.

-Tom

-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net