detlev.schuemann@eurohypo.com
2003-Feb-07 03:28 UTC
Antwort: Re: Antwort: Re: Antwort: RE: [Shorewall-users] Configuration Question
Hi,
maybe you are right. But setting up a second firewall makes me feel better
;-)
Anyway. Thanks for your answer.
Detlev
Datum: 07.02.2003 11:54
An: detlev.schuemann@eurohypo.com
Kopie: shorewall-users@lists.shorewall.net
Betreff: Re: Antwort: Re: Antwort: RE: [Shorewall-users]
Configuration Question
Nachrichtentext:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
NAT and MASQ is setup on the router/firewall. In your case this is the
DSL router. NAT is not an option as you only have one official IP.
Masquerading has to be done on the device with the official IP which is
your DSL router. So there is no point masquerading a second time on a
second firewall.
What do you want to achieve with the linux firewall?
Sticking to the DSL router and setting up a second firewall will make
things very complicate.
Sascha
- --------------------------------------------------------
Sascha Knific K Systems & Design
Tel. +49-8151-773260 Wittelsbacherstr. 6a
Fax. +49-8151-773262 82319 Starnberg, Germany
Leo +49-8151-773261 WGS84: N57?59''52.4"
E11?20''34.3"
knific@k-sysdes.net http://www.k-sysdes.net
detlev.schuemann@eurohypo.com schrieb:
| Hi Sascha,
|
| my ISP gives me a dynamic IP address and I need the router. Normally the
| DSL-Routers are setup in the same LAN as the clients, because they have a
| built in firewall. But I want to have an extra firewall between the
clients
| and the router. This should not be a problem. But what I don?t understand
| is how to setup up NAT or MASQ.
|
| Detlev
|
|
|
| Datum: 07.02.2003 11:11
| An: detlev.schuemann@eurohypo.com
| Kopie: shorewall-users@lists.shorewall.net
|
|
| Betreff: Re: Antwort: RE: [Shorewall-users] Configuration
Question
| Nachrichtentext:
|
| Hi Detlev,
|
| the configuration depends highly on the IP configuration (static or
| dynamic IP) you have (or your ISP gives you). So you have to be more
| specific.
|
| If your ISP gives you a dynamic IP then it would be the best you remove
| the router and replace it with something else (if necessary).
|
| Sascha
|
| --------------------------------------------------------
| Sascha Knific K Systems & Design
| Tel. +49-8151-773260 Wittelsbacherstr. 6a
| Fax. +49-8151-773262 82319 Starnberg, Germany
| Leo +49-8151-773261 WGS84: N57?59''52.4"
E11?20''34.3"
| knific@k-sysdes.net http://www.k-sysdes.net
|
| detlev.schuemann@eurohypo.com schrieb:
| | Thank you for replying.In every example I can find on the web site the
| | firewall-interface is always connected to the dsl-modem and not to a
| | router. Maybe you can send me a link? Thanks.
| |
| | Detlev
| |
| |
| |
| | Datum: 07.02.2003 10:22
| | An: <detlev.schuemann@eurohypo.com>
| | Kopie: <shorewall-users@lists.shorewall.net>
| |
| |
| | Betreff: RE: [Shorewall-users] Configuration Question
| | Nachrichtentext:
| |
| | I''d suggest you look at the "two interfaces" example
available on the
| | Shorewall web site - it''s your best starting point.
| |
| | Jon
| |
| |
| |>I have a (maybe) simple question. My Configuration is this:
| |>
| |>
| |>----------
| |>| DSL |
| |>| Router |
| |>| |
| |>----------
| |> |
| |> |
| |> | eth0
| |>----------
| |>| |
| |>| FW |
| |>| |
| |>----------
| |> | eth1
| |> |
| |> |
| |>----------
| |>| |
| |>| Local |
| |>| Net |
| |>| |
| |>----------
| |>
| |>How Do I have to configure this when I want to use MASQ. Is
| |>MASQ configured only on the router, on the firewall or on
| |>both? I didn?t really understand this.
| |>
| |>Thanks in advance for your help.
| |>
| |>
| |>_______________________________________________
| |>Shorewall-users mailing list Shorewall-users@lists.shorewall.net
| |>http://lists.shorewall.net/mailman/listinfo/shorewall-users
| |>
| |
| |
| |
| |
| |
| |
| |
| | _______________________________________________
| | Shorewall-users mailing list
| | Shorewall-users@lists.shorewall.net
| | http://lists.shorewall.net/mailman/listinfo/shorewall-users
| |
|
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+Q5CES6OQQyL7X+oRAmcMAJ9h8bZSnKf4zu6fP2vFTSgHdrHRpACfT6Ol
3hm+WzqrpgPbiPu9LBY6kdY=FD7E
-----END PGP SIGNATURE-----