On Fri, 16 May 2003 12:03:00 -0700, jon yeargers <jony@lupinesystems.net> wrote:
> 1) I'm working to set up several application servers in my DMZ on
> different machines. Assuming I set up my DNS entries as per
> "shorewall_setup_guide.htm" section 6.0 - is the implication that I need
> a unique static IP address for each system from my ISP? Is there any way
> to set up the firewall to forward a.mydomain.com to a machine in the DMZ
> that has an RFC1918 address only?
Sure -- you just have to define DNAT from both the 'net' and your 'loc'
zone. Or you can define static NAT from the net (be sure to put "no" in the
"ALL INTERFACES" column of the nat file entries) and DNAT from the local
zone.
> 2) In my LOC zone I'm running a winXP machine that has MSN IM running.
> Based on FAQ #3 it appears that this shouldn't be working as I haven't
> done any special configuration for it. The same goes for a massively
> multiplayer game (Asheron's Call). I wasn't expecting this to work after
> I got shorewall up and running and yet it does. Should I be concerned
> that I've installed / configured shorewall incorrectly?
Have you tried ALL functions of MSN IM (file transfer, for example)? MSN IM
chat requires no special firewalling consideration.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
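
The two setups described in the reply, sketched as Shorewall configuration entries. This is an added example, not part of the original message: the zone name `dmz`, interface `eth0`, the 192.168.2.x DMZ addresses and the 203.0.113.x public addresses are constructed placeholders, and the column order should be checked against the header line of the installed `rules` and `nat` files.

```conf
# --- Option 1: DNAT from both the net and loc zones -------------------------
# /etc/shorewall/rules
#ACTION  SOURCE  DEST              PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
# Internet clients reaching the firewall's public address on port 80
DNAT     net     dmz:192.168.2.10  tcp    80
# Local clients that resolve the public name to 203.0.113.10.
# The ORIGINAL DEST column limits the rewrite to that one address; without
# it, every outbound port-80 connection from loc would be sent to the DMZ host.
DNAT     loc     dmz:192.168.2.10  tcp    80            -               203.0.113.10

# --- Option 2: static NAT from the net, DNAT from loc -----------------------
# /etc/shorewall/nat
#EXTERNAL      INTERFACE  INTERNAL      ALL INTERFACES  LOCAL
# "no" under ALL INTERFACES: the one-to-one mapping applies only to traffic
# arriving on eth0 (the net interface), as the reply advises.
203.0.113.11   eth0       192.168.2.11  no              no

# /etc/shorewall/rules
#ACTION  SOURCE  DEST              PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
# Static NAT only translates addresses; the connection still needs a rule.
ACCEPT   net     dmz:192.168.2.11  tcp    80
# Local clients are handled by DNAT because the nat entry skips their interface.
DNAT     loc     dmz:192.168.2.11  tcp    80            -               203.0.113.11
```

Option 1 lets several DMZ hosts share one public address as long as each service uses a different port, while option 2 consumes one public address per DMZ host.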