i have 2 ip Static eth0 : 202.x.x.x/ 29 eth1 : 192.168.1.1/ 24 and my client 192.168.1.2/ 24 and i want using shorewall software for NAT how to settup and configure this software thanks rasito
On Wednesday 27 August 2003 02:31 am, rasito wrote:> i have 2 ip Static > > eth0 : 202.x.x.x/ 29 > eth1 : 192.168.1.1/ 24 and my client 192.168.1.2/ 24 > > and i want using shorewall software for NAT > how to settup and configure this software > > thanks > > rasitoRead the UsersGuide for your two interface setup. Follow the directions and you are there! Richard________________________________________> Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > http://lists.shorewall.net/mailman/listinfo/shorewall-users Support: > http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm
--- rasito <rasito@jkt.elga.net.id> wrote:> i have 2 ip Static > > eth0 : 202.x.x.x/ 29 > eth1 : 192.168.1.1/ 24 and my client 192.168.1.2/ 24 > > and i want using shorewall software for NAT > how to settup and configure this softwareHello Rasito, This is described on http://www.shorewall.net/two-interface.htm This is assuming that your kernel has the necessary modules installed to do Masquerading. At any rate the web sites explains everything that you need to know. If you already have Shorewall installed and running then you would simply just edit your /etc/shorewall/masq file to read as follows: ############################################################################## #INTERFACE SUBNET ADDRESS eth0 eth1 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE And if you had downloaded the two-interface sample as described below your firewall would allready be setup to do the basic NAtting or Masquerading.. Shorewall Concepts The configuration files for Shorewall are contained in the directory /etc/shorewall -- for simple setups, you will only need to deal with a few of these as described in this guide. After you have installed Shorewall, download the two-interface sample, un-tar it (tar -zxvf two-interfaces.tgz) and and copy the files to /etc/shorewall (these files will replace files with the same name). Hope this helps. If not then let us know...Everything is very well documented so you might just need to take the time to read it over. Joshua Banks __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
On Wed, 2003-08-27 at 01:06, Joshua Banks wrote:> --- rasito <rasito@jkt.elga.net.id> wrote: > > i have 2 ip Static > > > > eth0 : 202.x.x.x/ 29 > > eth1 : 192.168.1.1/ 24 and my client 192.168.1.2/ 24 > > > > and i want using shorewall software for NAT > > how to settup and configure this software > > Hello Rasito, > > This is described on http://www.shorewall.net/two-interface.htm >Since the original poster has *2* static IP addresses, the Shorewall Setup Guide (http://shorewall.net/shorewall_setup_guide.htm) may be more appropriate although there isn''t a whole lot that can be done with only two IP addresses. With two systems behind the firewall, I would probably use SNAT on one of them (use the gateway''s external IP address for that) then use static NAT for the other one. /etc/shorewall/masq: eth0 eth1 <gateway''s external IP address> /etc/shorewall/nat: <second static IP> eth0 <IP address of second PC> No No Alternatively, one could simply configure the addresses as an SNAT pool. If the static addresses are contiguous: /etc/shorewall/masq: eth0 eth1 <first static ip>-<second static ip> Note that if ADD_SNAT_ALIASES=Yes then the 1.4.6 errata ''firewall'' and ''functions'' scripts must be installed. If the addresses aren''t contiguous then the ''firewall'' and ''functions'' scripts from the 1.4.6 errata must be used and: /etc/shorewall/masq: eth0 eth1 <first static ip>,<second static ip> -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net