Eric Jorgensen
2002-Feb-15 19:29 UTC
[Shorewall-users] Question about using a DMZ and overlapping IP address
Hello,

Here is a quick diagram of my network:

             |------------|
    internet | DSL router | 10.0.0.1
    ---------|            |------------|
             |------------|      | 10.0.0.X DMZ
                                 |
                                 | eth0:10.0.0.3
                         |---------------|
                         |   shorewall   |
                         |   linux box   |
                         |---------------|
                                 | eth1:10.0.1.254
                                 |
                                 | 10.0.1.X
                              Intranet
                                 |

I have a DSL router that connects me to the internet. Its ethernet address is 10.0.0.1, and I have a linux box at 10.0.0.3 that I'm setting up as a firewall using shorewall. I'd like to be able to set up a DMZ, but the DMZ is also on the same network as the internet, as far as the shorewall box is concerned (eth0).

I've tried various combinations but I can't seem to get the DMZ configured properly with the zones and hosts configurations. Could someone please give me an example? I'd post what I have so far, but my work internet access is intermittent. Maybe tonight from home I can.

Thanks!
Eric
Tom Eastep
2002-Feb-18 23:40 UTC
[Shorewall-users] Question about using a DMZ and overlapping IP address
Eric,

> -----Original Message-----
> From: shorewall-users-admin@shorewall.net
> [mailto:shorewall-users-admin@shorewall.net] On Behalf Of
> Eric Jorgensen
> Sent: Friday, February 15, 2002 11:29 AM
> To: shorewall-users@shorewall.net
> Subject: [Shorewall-users] Question about using a DMZ and
> overlapping IP address
>
> Hello,
>
> Here is a quick diagram of my network:
>
>              |------------|
>     internet | DSL router | 10.0.0.1
>     ---------|            |------------|
>              |------------|      | 10.0.0.X DMZ
>                                  |
>                                  | eth0:10.0.0.3
>                          |---------------|
>                          |   shorewall   |
>                          |   linux box   |
>                          |---------------|
>                                  | eth1:10.0.1.254
>                                  |
>                                  | 10.0.1.X
>                               Intranet
>                                  |
>
> I have a DSL router that connects me to the internet.
> Its ethernet address is 10.0.0.1, and I have a linux
> box at 10.0.0.3 that I'm setting up as a firewall
> using shorewall. I'd like to be able to set up a DMZ,
> but the DMZ is also on the same network as the
> internet, as far as the shorewall box is concerned
> (eth0).
>
> I've tried various combinations but I can't seem to
> get the DMZ configured properly with the zones and
> hosts configurations. Could someone please give me an
> example? I'd post what I have so far, but my work
> internet access is intermittent. Maybe tonight from
> home I can.
>

/etc/shorewall/zones (The order is important):

    dmz     DMZ         Demilitarized Zone
    net     Internet    The Internet
    loc     Local       Trusted Local Zone

/etc/shorewall/interfaces:

    -       eth1        <your options>

/etc/shorewall/hosts

    dmz     eth1:10.0.0.X       routestopped
    net     eth0:0.0.0.0/0      <options>

-Tom
--
Tom Eastep     \ Shorewall -- iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924   \ teastep@shorewall.net
Eric Jorgensen
2002-Feb-19 03:02 UTC
[Shorewall-users] Question about using a DMZ and overlapping IP address
--- Tom Eastep <teastep@shorewall.net> wrote:

> Eric,
>
> > -----Original Message-----
> > From: shorewall-users-admin@shorewall.net
> > [mailto:shorewall-users-admin@shorewall.net] On Behalf Of
> > Eric Jorgensen
> > Sent: Friday, February 15, 2002 11:29 AM
> > To: shorewall-users@shorewall.net
> > Subject: [Shorewall-users] Question about using a DMZ and
> > overlapping IP address
> >
> > Hello,
> >
> > Here is a quick diagram of my network:
> >
> >              |------------|
> >     internet | DSL router | 10.0.0.1
> >     ---------|            |------------|
> >              |------------|      | 10.0.0.X DMZ
> >                                  |
> >                                  | eth0:10.0.0.3
> >                          |---------------|
> >                          |   shorewall   |
> >                          |   linux box   |
> >                          |---------------|
> >                                  | eth1:10.0.1.254
> >                                  |
> >                                  | 10.0.1.X
> >                               Intranet
> >                                  |
> >
> > I have a DSL router that connects me to the internet.
> > Its ethernet address is 10.0.0.1, and I have a linux
> > box at 10.0.0.3 that I'm setting up as a firewall
> > using shorewall. I'd like to be able to set up a DMZ,
> > but the DMZ is also on the same network as the
> > internet, as far as the shorewall box is concerned
> > (eth0).
> >
> > I've tried various combinations but I can't seem to
> > get the DMZ configured properly with the zones and
> > hosts configurations. Could someone please give me an
> > example? I'd post what I have so far, but my work
> > internet access is intermittent. Maybe tonight from
> > home I can.
> >
>
> /etc/shorewall/zones (The order is important):
>
>     dmz     DMZ         Demilitarized Zone
>     net     Internet    The Internet
>     loc     Local       Trusted Local Zone
>
> /etc/shorewall/interfaces:
>
>     -       eth1        <your options>
>
> /etc/shorewall/hosts
>
>     dmz     eth1:10.0.0.X       routestopped
>     net     eth0:0.0.0.0/0      <options>
>

Do you mean:

    dmz     eth0:10.0.0.X       routestopped
    net     eth0:0.0.0.0/0      <options>

Thanks,
Eric
Tom Eastep
2002-Feb-19 03:17 UTC
[Shorewall-users] Question about using a DMZ and overlapping IP address
On Monday 18 February 2002 07:02 pm, Eric Jorgensen wrote:

>
> Do you mean:
>
>     dmz     eth0:10.0.0.X       routestopped
>     net     eth0:0.0.0.0/0      <options>

Yes -- eth0 in /etc/shorewall/hosts also.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924   \ teastep@shorewall.net
Eric Jorgensen
2002-Feb-25 20:51 UTC
[Shorewall-users] Question about using a DMZ and overlapping IP address
Hi,

I just wanted to follow up on this now that I had a chance last weekend to work on this. This worked great for me, but instead of putting an individual host in the DMZ into the hosts file, I put the whole subnet:

    dmz     eth0:10.0.0.0/24    routestopped
    net     eth0:0.0.0.0/0      routestopped

Thanks for your help and thanks for a great tool!

Eric

--- Tom Eastep <teastep@shorewall.net> wrote:

> On Monday 18 February 2002 07:02 pm, Eric Jorgensen wrote:
> >
> > Do you mean:
> >
> >     dmz     eth0:10.0.0.X       routestopped
> >     net     eth0:0.0.0.0/0      <options>
>
> Yes -- eth0 in /etc/shorewall/hosts also.
>
> -Tom
> --
> Tom Eastep     \ Shorewall - iptables made easy
> AIM: tmeastep   \ http://www.shorewall.net
> ICQ: #60745924   \ teastep@shorewall.net
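Added example (not part of the thread and not Shorewall's own code): a small Python model of why the zones order matters once dmz and net are both defined on eth0, assuming zones are tried in file order and the first match wins. The eth1-to-loc mapping, the function names and the sample addresses are assumptions; the model also shows that 10.0.0.0/24 places the DSL router at 10.0.0.1 in dmz.

```python
import ipaddress

# Constructed model of the thread's files; a simplification, not Shorewall code.
ZONES_ORDER = ["dmz", "net", "loc"]      # order given for /etc/shorewall/zones
HOSTS = {                                # /etc/shorewall/hosts from the follow-up
    "dmz": [("eth0", "10.0.0.0/24")],
    "net": [("eth0", "0.0.0.0/0")],
}
INTERFACES = {"eth1": "loc"}             # assumption: eth1 carries the loc zone


def classify(iface, addr, zone_order=ZONES_ORDER, hosts=HOSTS):
    """Return the first zone in zone_order that matches (iface, addr)."""
    ip = ipaddress.ip_address(addr)
    for zone in zone_order:
        for h_iface, cidr in hosts.get(zone, []):
            if h_iface == iface and ip in ipaddress.ip_network(cidr):
                return zone
        if INTERFACES.get(iface) == zone:
            return zone
    return None


def shadowed(zone_order=ZONES_ORDER, hosts=HOSTS):
    """List hosts entries that can never match because an earlier zone
    on the same interface already covers their whole address range."""
    seen, dead = [], []
    for zone in zone_order:
        entries = [(i, ipaddress.ip_network(c)) for i, c in hosts.get(zone, [])]
        for iface, net in entries:
            if any(i == iface and net.subnet_of(n) for i, n in seen):
                dead.append((zone, iface, str(net)))
        seen += entries
    return dead


if __name__ == "__main__":
    for iface, addr in [("eth0", "10.0.0.5"), ("eth0", "10.0.0.1"),
                        ("eth0", "203.0.113.9"), ("eth1", "10.0.1.20")]:
        print(iface, addr, "->", classify(iface, addr))
    # With net listed first, the dmz entry is dead and DMZ hosts become "net".
    print("shadowed if net is first:", shadowed(["net", "dmz", "loc"]))
```
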
Tom Eastep
2002-Feb-25 20:52 UTC
[Shorewall-users] Question about using a DMZ and overlapping IP address
> -----Original Message-----
> From: Eric Jorgensen [mailto:jorgy@yahoo.com]
> Sent: Monday, February 25, 2002 12:52 PM
> To: Tom Eastep; shorewall-users@shorewall.net
> Subject: Re: [Shorewall-users] Question about using a DMZ and
> overlapping IP address
>
> Hi,
>
> I just wanted to follow up on this now that I had a
> chance last weekend to work on this. This worked
> great for me, but instead of putting an individual
> host in the DMZ into the hosts file, I put the whole
> subnet:
>
>     dmz     eth0:10.0.0.0/24    routestopped
>     net     eth0:0.0.0.0/0      routestopped
>
> Thanks for your help and thanks for a great tool!
>

And thank you for the follow up message...

-Tom
--
Tom Eastep     \ Shorewall -- iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924   \ teastep@shorewall.net