My new DSL line came complete with a new Modem that is
configured/monitored from a web browser. That inspired me to add a
couple of new features to to the masq file which you can find in 2.1.1
(see attached release notes, New Feature 2).
The modem has IP address 192.168.1.1 and is connected to eth0. My local
network is 192.168.1.0/24 and is connected to eth2 which has IP address
192.168.1.254.
/etc/shorewall/masq has added:
+eth0::192.168.1.1 0.0.0.0/0 192.168.1.254
The above rule uses the new features:
The leading "+" causes the rule to be placed ahead of one-to-one NAT
rules. The "::" prevents ADD_SNAT_ALIASES=Yes from trying to add
192.168.1.254 as an IP address on eth0.
/etc/shorewall/proxyarp has added
192.168.1.1 eth0 eth2 yes
/etc/network/interfaces (Debian-specific) has the last line below added:
iface eth0 inet static
address 206.124.146.176
netmask 255.255.255.0
network 206.124.146.0
broadcast 206.124.146.255
gateway 206.124.146.254
up ip route add 192.168.1.1 dev eth0
Voila! I can access the web server in the modem from both the firewall
and my local network.
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.1
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.1
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net