Barry, Christopher
2003-Jan-21 08:58 UTC
[Shorewall-users] Thanks for help with hosts file
All (Tom especially),

Thanks for correcting my hosts file faux pas. I think I now (kinda) know how this file is used. Can I use this to control what subnets can get NAT'ed out and back through the net zone? For instance, with nothing in it every network inside can get out without a problem. If I do specify networks in it, is it true that only those specified can get out and back? I'm thinking this could be a kind of network ACL.

Thanks,

--
Christopher Barry
Manager of Information Systems
InfiniCon Systems
http://www.infiniconsys.com
office:610.233.ISIS (4747) direct:610.233.4870 cell:267.879.8321
--On Tuesday, January 21, 2003 11:58 AM -0500 "Barry, Christopher" <cbarry@infiniconsys.com> wrote:

> All (Tom especially),
> Thanks for correcting my hosts file faux pas. I think I now (kinda) know
> how this file is used. Can I use this to control what subnets can get
> NAT'ed out and back through the net zone?

No. Zones have nothing to do with masquerading.

> For instance, with nothing in
> it every network inside can get out without a problem. If I do specify
> networks in it, is it true that only those specified can get out and
> back? I'm thinking this could be a kind of network ACL.

You can do that with /etc/shorewall/masq, not /etc/shorewall/hosts. The latter is used when you have a zone that shares an interface with one or more other zones. THAT IS THE ONLY TIME THAT YOU USE THE HOSTS FILE!

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: teastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
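
The distinction drawn in the reply above, shown as an added configuration sketch that is not part of the original thread. The interface names (eth0 external, eth1 internal), the subnets and the zone names loc1/loc2 are constructed for illustration; the column layout assumed is INTERFACE SUBNET for masq and ZONE HOST(S) for hosts.

```text
# /etc/shorewall/masq
# Broad form: masquerade everything routed through eth1 when it leaves via eth0.
#INTERFACE      SUBNET
eth0            eth1

# Restricted form (use instead of the line above): only the listed
# internal subnets are masqueraded out eth0.
#INTERFACE      SUBNET
eth0            192.168.1.0/24
eth0            192.168.3.0/24

# /etc/shorewall/hosts
# Needed only when several zones share one interface. Here two zones
# (loc1, loc2) both live behind eth1 and are told apart by subnet.
# This file defines zone membership; it does not select what gets NATed.
#ZONE           HOST(S)
loc1            eth1:192.168.1.0/24
loc2            eth1:192.168.2.0/24
```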