Andy.Geraerts@care4data.com
2002-Jun-19 14:32 UTC
[Shorewall-users] Questions : Multiple IP addresses - Connection Tracking
Hello All!

1. I have a complete range of IP addresses : 195.0.29.x. I would like to use several addresses to access machines in my DMZ zone. (FTP, MAIL). What is the best approach to realize this? I tried to give my Internet NIC multiple IP's (Aliases) and forward them to the DMZ machines, but somehow this doesn't work? Only the primary address is accepted?

2. Before iptables I could see the active internet connections via netstat -M. This isn't available in iptables anymore. Is there a way to see this with shorewall? Without having to dig into the logs?

Thanks,

Andy Geraerts
Care4Data Group
Tel: +32 11 370 371
Fax: +32 11 376 248
Tom Eastep
2002-Jun-19 15:42 UTC
[Shorewall-users] Questions : Multiple IP addresses - Connection Tracking
On Wed, 19 Jun 2002, Andy.Geraerts@care4data.com wrote:

> Hello All!
>
> 1. I have a complete range of IP addresses : 195.0.29.x. I would like to
> use several addresses to access machines in my DMZ zone. (FTP, MAIL). What
> is the best approach to realize this? I tried to give my Internet NIC
> multiple IP's (Aliases) and forward them to the DMZ machines, but somehow
> this doesn't work? Only the primary address is accepted?
>

No -- port forwarding to any <external address> to the DMZ is done with:

    DNAT net dmz:<local ip> <proto> <port> - <external address>

You might also consider using proxy arp.

> 2. Before iptables I could see the active internet connections via netstat
> -M. This isn't available in iptables anymore. Is there a way to see this
> with shorewall? Without having to dig into the logs?
>

    shorewall show connections

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net