Hello, I have attached the details of my configuration below.
My question: Can I define groups of unrelated IP addresses, so I then can
allow access to certain things based on those groups. For instance: I have
3 webdav users that all have static IP addresses. I want those webdav users
to be DNATed to a machine within my LAN. I was thinking something like
(/etc/shorewall/rules):
DNAT net loc:10.0.0.2 tcp 80
might become:
DNAT net:webdav_group loc:10.0.0.2 tcp 80
What is the general approach for this kind of thing? I am sure I am way off
the mark here on "firewall methodology" :-)
Any input gratefully accepted.
Jotham.
shorewall version:
1.4.5
ip addr show:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:00:b4:9b:ae:4d brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.255.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:40:05:54:d8:15 brd ff:ff:ff:ff:ff:ff
inet 202.0.55.14/24 brd 202.0.55.255 scope global eth1
4: ipddp0: <BROADCAST,MULTICAST,NOARP> mtu 585 qdisc noop qlen 100
link/ip/ddp 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
ip route show:
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1
202.0.55.0/24 dev eth1 proto kernel scope link src 202.0.55.14
default via 202.0.55.1 dev eth1
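One way to express such a group with the facilities Shorewall already provides, as an added example that is not the poster's configuration: define the address list once in /etc/shorewall/params and reference it in the SOURCE column, which accepts a comma-separated list of hosts after the zone name. The three WebDAV addresses are constructed placeholders; the loc:10.0.0.2 target and tcp 80 are taken from the question.

```text
# /etc/shorewall/params   (added example; addresses are constructed placeholders)
# One variable per group, so membership is defined and reviewed in a single place.
WEBDAV_HOSTS=198.51.100.7,198.51.100.21,203.0.113.40

# /etc/shorewall/rules    (added example)
#ACTION   SOURCE               DEST            PROTO   DEST PORT(S)
# Forward WebDAV only from the listed static addresses; any other "net" host
# falls through to the net->loc policy, which should remain DROP or REJECT.
DNAT      net:$WEBDAV_HOSTS    loc:10.0.0.2    tcp     80
# The same group gates a second service without repeating the addresses.
DNAT      net:$WEBDAV_HOSTS    loc:10.0.0.2    tcp     443
```

Run `shorewall check` before restarting so the expanded list is validated, and keep the group in params rather than in ad hoc comma lists so that removing a user is a one-line change that is easy to audit.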