I have an access IP from my ISP that I configured my eth0 with.
I also have an IP range assigned by my ISP that will be used on my servers
connected to eth1. The IP range is routed through the access IP.
This is what my config files look like. Internally everything seems to work, but
not externally.
/etc/shorewall/proxyarp
#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
213.115.134.1 eth1 eth0 No
213.115.134.2 eth1 eth0 No
213.115.134.3 eth1 eth0 No
213.115.134.4 eth1 eth0 No
/etc/shorewall/interface
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect norfc1918
dmz eth1 detect
/etc/shorewall/masq
#INTERFACE SUBNET ADDRESS PROTO PORT(S)
eth0 eth1
/etc/shorewall/policy
#SOURCE DEST POLICY LOG LIMIT:BURST
fw net ACCEPT
fw dmz ACCEPT
net dmz REJECT info
net fw REJECT info
dmz fw ACCEPT
dmz net REJECT
/etc/shorewall/proxyarp
#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
213.115.134.1 eth1 eth0 No
213.115.134.2 eth1 eth0 No
213.115.134.3 eth1 eth0 No
213.115.134.4 eth1 eth0 No
/etc/shorewall/rules
ACCEPT net dmz:213.115.134.4 tcp
smtp,domain,http,pop3,143,vnc,1000,47110
ACCEPT net dmz:213.115.134.1 tcp domain
ACCEPT net dmz:213.115.134.1 udp domain
ACCEPT net dmz:213.115.134.2 tcp domain
ACCEPT net dmz:213.115.134.2 udp domain
### ICMP Handling Rules ###
ACCEPT net dmz icmp 8
ACCEPT net fw icmp 8
ACCEPT dmz net icmp 8
/etc/shorewall/zones
#ZONE DISPLAY COMMENTS
net Net Internet
#loc Local Local networks
dmz DMZ Demilitarized zone
[root@ucsfw02 shorewall]# shorewall version
2.1.3
[root@ucsfw02 shorewall]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
inet6 ff02::1/128 scope global
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:22:39:02:1d brd ff:ff:ff:ff:ff:ff
inet 213.115.252.92/29 brd 213.115.252.95 scope global eth0
inet6 fe80::250:22ff:fe39:21d/64 scope link
valid_lft forever preferred_lft forever
inet6 ff02::1:ff39:21d/128 scope global
valid_lft forever preferred_lft forever
inet6 ff02::1/128 scope global
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:22:39:02:16 brd ff:ff:ff:ff:ff:ff
inet 213.115.134.30/27 brd 213.115.134.31 scope global eth1
inet6 fe80::250:22ff:fe39:216/64 scope link
valid_lft forever preferred_lft forever
inet6 ff02::1:ff39:216/128 scope global
valid_lft forever preferred_lft forever
inet6 ff02::1/128 scope global
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:22:c8:88:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.4.253/24 brd 192.168.4.255 scope global eth2
inet6 fe80::250:22ff:fec8:889d/64 scope link
valid_lft forever preferred_lft forever
inet6 ff02::1:ffc8:889d/128 scope global
valid_lft forever preferred_lft forever
inet6 ff02::1/128 scope global
valid_lft forever preferred_lft forever
5: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
[root@ucsfw02 shorewall]# ip route show
213.115.134.1 dev eth1 scope link
213.115.134.2 dev eth1 scope link
213.115.134.3 dev eth1 scope link
213.115.134.4 dev eth1 scope link
213.115.252.88/29 dev eth0 scope link
213.115.134.0/27 dev eth1 scope link
192.168.4.0/24 dev eth2 scope link
127.0.0.0/8 dev lo scope link
default via 213.115.252.92 dev eth0
=================================
Joakim Hellström
Chief System Engineer
United Computer Systems Scandinavia AB
Klostergatan 56
S-582 23 Linköping, SWEDEN
Phone 1: +46 (0)13 13 97 92
Phone 2: +46 (0)13 13 96 00 (recep.)
Fax: +46 (0)13 13 97 35
GSM: +46 (0)708 13 97 35
URL: http://www.ucs.se <http://www.ucs.se/>