Michael Treasure
2003-Mar-17 07:57 UTC
[Shorewall-users] Desperately need help with configuring shorewall
Hi All,

I am very new to Linux and even newer to the Shorewall firewall system. I need to protect my network as the router/gateway I sit behind does not have firewall services. I desperately need some help.

I am using Red Hat Linux 8 and the latest download of the Shorewall firewall. I have T1 service and I have 2 sets of public IP addresses (192.168.1.x and 192.168.2.x) connected to eth0 and eth0:0. I have a local network connected to eth2 (subnet 192.168.3.0/24) and a DMZ connected to eth1 (172.36.1.0/24). I am doing static NAT where I have (192.168.1.x and 192.168.2.x) translating to my DMZ zone IP addresses. The reason why the public IP addresses are (192.168.1.x and 192.168.2.x) is because my network is set up behind a gateway/router that is doing NAT and is handing me off those IP addresses. I have no control over that router/gateway.

I have connected my firewall and I am able to browse the Internet from any computer connected to either my local network or my DMZ zone; however, I cannot seem to be able to get my webservers in my DMZ zone, or even in my local zone (for testing purposes), to be browsed either publicly or privately (within the networks).

I have tried to follow as much as possible the example provided by "Last updated 1/12/2003 - Tom Eastep Copyright © 2001, 2002, 2003 Thomas M. Eastep" at http://shorewall.sourceforge.net/myfiles.htm, but I am not totally successful.

Can someone please help me with configuring the following files to accommodate my network setup so that my web-servers and mail-servers in the DMZ zone can be browsed successfully both from my local network, within the DMZ zone and more importantly can be browsed by the outside world? I will have several physical individual servers in my DMZ (perhaps between 5-10).

(1) Zones File:
(2) (b) Interfaces File:
(3) Hosts File:
(4) Routestopped File:
(5) Policy File:
(6) Masq File:
(7) NAT File:
(8) Proxy ARP File:
(9) Rules File

Thanks for the help

Regards
Michael
Tom Eastep
2003-Mar-17 15:56 UTC
[Shorewall-users] Desperately need help with configuring shorewall
--On Monday, March 17, 2003 11:36:11 AM -0500 Michael Treasure <Michael@Treasurecom.com> wrote:

> I have tried to follow as much as possible the example provided by "Last
> updated 1/12/2003 - Tom Eastep Copyright © 2001, 2002, 2003 Thomas M.
> Eastep" at http://shorewall.sourceforge.net/myfiles.htm, but I am not
> totally successful.

I would have thought that http://www.shorewall.net/shorewall_setup_guide.htm and http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html would have been better places for you to start than looking at a set of my old configuration files.

> Can someone please help me with configuring the
> following files to accommodate my network setup so that my web-servers
> and mail-servers in the DMZ zone can be browsed successfully both from my
> local network, within the DMZ zone and more importantly can be browsed by
> the outside world?

Sure -- but you are going to have to post your configuration before we can tell you what's wrong with it.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net