Shorewall users - Jan 2004 - Multiple IPs with routed different address block

Hi.
I''ve been rolling shorewall in offices, and fortunately it''s
been
according to what''s documented in the shorewall site.
However this time, it''s a bit different.

I have a gateway assigned by an ISP: 203.201.206.105/30
Thus, it left me 203.201.206.106/30 as one of the interfaces in my
shorewall box.

I was then given the following block: 203.201.207.160/27, which will be
used for servers in the DMZ (and possibly LAN).
I tried to follow the documentation, but the example assumes the gateway
is within the same block as the rest of the live IP range. (seen the
multiple live IP doc, routed section)

Is shorewall capable of solving this problem?

Thank you in advance for your help.

------------------------

Lito Kusnadi

On Wednesday 21 January 2004 02:41 pm, Lito Kusnadi
wrote:
> Hi.
> I''ve been rolling shorewall in offices, and fortunately
it''s been
> according to what''s documented in the shorewall site.
> However this time, it''s a bit different.
>
> I have a gateway assigned by an ISP: 203.201.206.105/30
> Thus, it left me 203.201.206.106/30 as one of the interfaces in my
> shorewall box.
>
> I was then given the following block: 203.201.207.160/27, which will be
> used for servers in the DMZ (and possibly LAN).
> I tried to follow the documentation, but the example assumes the gateway
> is within the same block as the rest of the live IP range. (seen the
> multiple live IP doc, routed section)
>
> Is shorewall capable of solving this problem?
>
What problem? In a routed setup, the fact that the external IP is in the same 
subnet as the DMZ introduces a problem *that you don''t have*. In other
words,
it is easier in your case, not harder (you don''t need the host route to
your
ISP''s gateway).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net