Bill.Light@kp.org
2002-Nov-10 05:43 UTC
[Shorewall-users] Probably a stupid question...but I'll ask
I'm getting braver with my DSL thanks to Shorewall, Tom. But I'm curious if I am truly using what was given to me by my DSL provider.

They say I get 5 IP addresses....based on the documentation...I used proxyarp to go to my DMZ webserver
and I NAT to define the "real" addresses assigned to me - but the "nat" table says not to use the "real" address of the associated interface "ethn" so it is NOT in "nat"

but if I use x.x.x.1 as the gateway (Defined as "net" in /etc/shorewall/interfaces)
and "answer" on x.x.x.2 real address - defined in ifconfig as ethn
and "answer" on x.x.x.3 real address - defined in ifconfig as ethn:1
and "answer" on x.x.x.4 real address - defined in ifconfig as ethn:2
and "answer" on x.x.x.5 real address - defined in ifconfig as ethn:3

I can get a virtual webserver to answer on each of the ...3 ...4 ....5 but not the ...2

Apache is listening, and on the webserver itself I can get lynx (no "X" installed) to answer the ...2 address.

What piece am I missing....or should I use the x.x.x.1 address as ethn? I also read the book that you recommended and discovered more about the broadcast and netmask and the way it "ands" so I think I'm OK there. I also get why I can't use the first ...1 address, but I'm not getting why the x.x.x.2 address doesn't fly. Or am I mixing apples and oranges in my setup and asking for trouble?

Thanks in advance...

- Bill
Tom Eastep
2002-Nov-10 15:36 UTC
[Shorewall-users] Probably a stupid question...but I'll ask
--On Saturday, November 09, 2002 09:43:49 PM -0800 "Bill.Light@kp.org" <Bill.Light@kp.org> wrote:

> I'm getting braver with my DSL thanks to Shorewall, Tom. But I'm
> curious if I am truly using what was given to me by my DSL provider.
>
> They say I get 5 IP addresses....based on the documentation...I used
> proxyarp to go to my DMZ webserver

Which consumes one IP address.

> and I NAT to define the "real"
> addresses assigned to me - but the "nat" table says not to use the
> "real" address of the associated interface "ethn"

Which consumes a second IP address leaving 3 to use for NAT.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net