I know I can forward ports through the firewall, and as I read this mailing list I do know how. I also read in the documentation that I can use MAC addresses in the shorewall config file. But as I don't want to experiment, I just ask:

If I want to forward HTTP (port 80) to an internal client which is using DHCP, is using MAC addresses instead of IPs what I need or do I have to set up a static IP for the concerning host???

Thanks for this great software and
Best regards Jan

--
OpenPGP public key available: http://home.arcor.de/jan.kohnert/gnupg_publickey.asc
Key-Fingerprint: BA8E 11D1 FE7C 9353 7276 5375 486E 9BED 2B03 DF29
On Tue, 2004-05-25 at 21:06, Jan Kohnert wrote:
> I know I can forward ports through the firewall, and as I read this mailing
> list I do know how. I also read in the documentation that I can use MAC
> addresses in the shorewall config file. But as I don't want to experiment, I
> just ask:
> If I want to forward HTTP (port 80) to an internal client which is using
> DHCP, is using MAC addresses instead of IPs what I need or do I have to set
> up a static IP for the concerning host???
>
> Thanks for this great software and
> Best regards Jan

You answered your own question: if you manually set up the MAC address you must assign it an IP in DHCP, so in theory you have a static IP, so yes, a static IP is usually recommended for servers.
On Wednesday, 26 May 2004 03:14, Nick Sklav wrote:
> On Tue, 2004-05-25 at 21:06, Jan Kohnert wrote:

[snipped]

> > If I want to forward HTTP (port 80) to an internal client which is using
> > DHCP, is using MAC addresses instead of IPs what I need or do I have to
> > set up a static IP for the concerning host???
>
> You answered your own question: if you manually set up the MAC address
> you must assign it an IP in DHCP, so in theory you have a static IP, so
> yes, a static IP is usually recommended for servers.

I know that fact, but that's not actually what I wanted to know. I just tried to ask if I could use MAC instead of IP although it is better to use a static IP (which I could set up via DHCP also).

Best regards Jan

--
OpenPGP public key available: http://home.arcor.de/jan.kohnert/gnupg_publickey.asc
Key-Fingerprint: BA8E 11D1 FE7C 9353 7276 5375 486E 9BED 2B03 DF29
Jan Kohnert wrote:
>
> I know that fact, but that's not actually what I wanted to know. I just tried to
> ask if I could use MAC instead of IP although it is better to use a static IP
> (which I could set up via DHCP also).
>

To be able to perform DNAT using layer 2 addresses (MAC addresses), you would need a layer 2 firewall (ebtables on Linux). I have no current (or long-range) plans to implement ebtables support in Shorewall.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
On Wednesday, 26 May 2004 04:44, Tom Eastep wrote:
> Jan Kohnert wrote:
> > I know that fact, but that's not actually what I wanted to know. I just
> > tried to ask if I could use MAC instead of IP although it is better to
> > use a static IP (which I could set up via DHCP also).
>
> To be able to perform DNAT using layer 2 addresses (MAC addresses), you
> would need a layer 2 firewall (ebtables on Linux). I have no current (or
> long-range) plans to implement ebtables support in Shorewall.

That's what I wanted to know. So I configure DHCP to give the server a static IP and all is fine.

> -Tom

Thanks to all that helped to clarify...

Best regards Jan

--
OpenPGP public key available: http://home.arcor.de/jan.kohnert/gnupg_publickey.asc
Key-Fingerprint: BA8E 11D1 FE7C 9353 7276 5375 486E 9BED 2B03 DF29
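
An added example, not part of the thread and not Shorewall's own code: because a DNAT rule matches on IP address, this Python check confirms that every DNAT target in a Shorewall rules file is pinned to a MAC by a DHCP reservation instead of sitting in the dynamic pool. The config excerpts, addresses, MAC and the zone names `net` and `loc` are constructed samples, and ISC dhcpd syntax is an assumption.

```python
import ipaddress
import re
# Constructed sample inputs (ISC dhcpd syntax assumed; not from the thread).
DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.100 192.168.1.200; }
host webserver {
  hardware ethernet 00:16:3e:00:00:01;
  fixed-address 192.168.1.5;
}
"""
SHOREWALL_RULES = """
#ACTION  SOURCE  DEST               PROTO  DEST PORT(S)
DNAT     net     loc:192.168.1.5    tcp    80
DNAT     net     loc:192.168.1.150  tcp    443
"""

def reserved_addresses(conf):
    """Map each fixed-address to the MAC it is reserved for."""
    out = {}
    for body in re.findall(r"host\s+\S+\s*\{([^}]*)\}", conf):
        mac = re.search(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;", body)
        ip = re.search(r"fixed-address\s+([\d.]+)\s*;", body)
        if mac and ip:
            out[ipaddress.ip_address(ip.group(1))] = mac.group(1).lower()
    return out

def dynamic_ranges(conf):
    """Return (low, high) pairs for every dynamic 'range' statement."""
    return [(ipaddress.ip_address(a), ipaddress.ip_address(b))
            for a, b in re.findall(r"range\s+([\d.]+)\s+([\d.]+)\s*;", conf)]

def dnat_targets(rules):
    """Yield the address from the DEST column (zone:address[:port]) of DNAT rules."""
    for line in rules.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) >= 3 and cols[0].startswith("DNAT") and ":" in cols[2]:
            yield ipaddress.ip_address(cols[2].split(":")[1])

def audit(conf, rules):
    """Classify every DNAT target by how DHCP treats its address."""
    reserved, ranges = reserved_addresses(conf), dynamic_ranges(conf)
    findings = {}
    for ip in dnat_targets(rules):
        if ip in reserved:
            findings[str(ip)] = "pinned to " + reserved[ip]
        elif any(lo <= ip <= hi for lo, hi in ranges):
            findings[str(ip)] = "inside dynamic pool"
        else:
            findings[str(ip)] = "no DHCP reservation"
    return findings
```

Calling `audit(DHCPD_CONF, SHOREWALL_RULES)` returns one status per forwarded address; any target reported as inside the dynamic pool can be leased to a different machine, which would then receive the forwarded traffic.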