Hello,

I have DSL 4000 - 4 Mb download and 0,5 Mb upload. I have a computer with Linux Slackware and the new Shorewall, and there is masquerading of the DSL on the LAN network. I have 2 network interfaces in my computer (gateway) - eth0 and eth1. Eth0 with DSL (5 external IP's) and eth1 - local network with masquerading one external IP on all network computers (30 computers). I was wondering if it is possible to give some external IP to each computer on the LAN. For example, one for me. It is impossible to put more network adapters into my gateway with Linux and Shorewall. There are and will be only 2 adapters in the computer (eth0 - net and eth1 - loc).

------------------------------------------------------
My config files:

interfaces:
    net eth0 192.168.2.255
    loc eth1 192.168.1.255 dhcp,maclist

masq:
    eth0 eth1

zones:
    net net
    loc loc
    dmz dmz
------------------------------------------------------

How, and is it possible, to give more external IP addresses to my local area network?

root@hades:/etc/shorewall# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:4F:1B:AB:16
          inet addr:83.14.215.157  Bcast:83.14.215.159  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3516500 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3038271 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3271672222 (3120.1 Mb)  TX bytes:609544205 (581.3 Mb)
          Interrupt:10 Base address:0x9000

eth1      Link encap:Ethernet  HWaddr 00:0E:2E:32:52:F9
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7552456 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4125806 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1201229534 (1145.5 Mb)  TX bytes:4043501365 (3856.1 Mb)
          Interrupt:12 Base address:0xb000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3630 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3630 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:295817 (288.8 Kb)  TX bytes:295817 (288.8 Kb)

--
best wishes from Poland
Maciek

On Saturday 11 March 2006 07:45, viuwier wrote:
> Hello,
>
> I have DSL 4000 - 4 Mb download and 0,5 Mb upload. I have computer
> with linux slackware and new shorewall, and there is masquerading
> DSL on LAN network. I have 2 network interfaces in my computer
> (gateway) - eth0 and eth1. Eth0 with DSL (5 external IP's) and eth1 -
> local network with masquerading one external IP on all network
> computers (30 computers). I was wondering if it is possible to give
> some external IP to each computers from lan.

I recommend using one-to-one NAT for that. See:

http://www.shorewall.net/shorewall_setup_guide.htm
http://www.shorewall.net/NAT.htm

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key

Hello,

OK, I have done this in my nat file:

    83.14.215.157 eth0 192.168.1.6

And now I (192.168.1.6) have an external IP (83.14.215.157). The rest of the network (30 people) have one other IP (83.14.215.156) with masq.

Now I want to make rules for my network computer 192.168.1.6/83.14.215.157. I want to move all traffic from net to 83.14.215.157 to local 192.168.1.6. So to be without firewalling. Also allow all traffic from 192.168.1.6 to 83.14.215.157 to net. But I don't know how to make rules for a computer with a NAT external IP address. Please help me.

--
best wishes from Poland,
Maciej Kurkiewicz
ICQ: 3385742

On Sunday 12 March 2006 18:00, viuwier wrote:
> Hello,
>
> Ok, I have done in my nat file:
>
> 83.14.215.157 eth0 192.168.1.6
>
> And now I (192.168.1.6) have external IP (83.14.215.157). Rest of the
> network (30 people) have other one IP (83.14.215.156) with masq.
>
> Now I want to make rules for my network computer 192.168.1.6/83.14.215.157.
> I want to move all traffic from net to 83.14.215.157 to local 192.168.1.6.
> So to be without firewalling. Also allow all traffic from 192.168.1.6 to
> 83.14.215.157 to net. But I don't know how to make rules for computer
> with nat external IP address. Please help me.

http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html

You really should familiarize yourself with the Shorewall documentation.

-Tom

> You really should familiarize yourself with the Shorewall documentation.

You are right, and there is the answer to my question:

"In either case, to create rules in /etc/shorewall/rules that pertain only to this NAT pair, you simply qualify the local zone with the internal IP address"

Everything is there, but it is not so easy for me, my English is awful :/

So I understand that I can simply make rules for my IP which is in the nat file (192.168.1.6) and make the same rules for another IP from my local network, which isn't in my nat file?

rules:
    #allow ssh from net to my external IP 83.14.215.157 to 192.168.1.6:
    ACCEPT net loc:192.168.1.6 tcp 22
    #
    #allow ssh from net to 83.14.215.157 to 192.168.1.4(IP is not in nat,
    #so have only masq):
    ACCEPT net loc:192.168.1.4 tcp 22
    #

Is it correct?

--
best wishes from Poland,
Maciej Kurkiewicz
ICQ: 3385742

On Monday 13 March 2006 03:33, viuwier wrote:
> > You really should familiarize yourself with the Shorewall documentation.
>
> You are right, and there is answer to my question:
>
> "In either case, to create rules in /etc/shorewall/rules that pertain only
> to this NAT pair, you simply qualify the local zone with the internal IP
> address"
>
> There is everything, but it is not so easy for me, my English is awful :/
>
> So I understand that I can make simply rules for my IP which is in
> nat file (192.168.1.6) and make the same rules for other IP from my
> local network, which isn't in my nat file ?
>
> rules:
> #allow ssh from net to my external IP 83.14.215.157 to 192.168.1.6:
> ACCEPT net loc:192.168.1.6 tcp 22 #

That rule would do what you want.

> #allow ssh from net to 83.14.215.157 to 192.168.1.4(IP is not in nat,
> #so have only masq):
> ACCEPT net loc:192.168.1.4 tcp 22 #
>

That rule should do nothing, especially if you have set 'norfc1918' on the net interface in /etc/shorewall/interfaces.

-Tom
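
Added example, not part of the original thread and not Shorewall's own code: a small Python check of the point made in the last reply, that an ACCEPT rule from net to loc:ADDRESS only matters when ADDRESS has a one-to-one NAT entry. The parsing is a simplified assumption (whitespace-separated columns, single-host destinations only), the function names are hypothetical, and the sample data is constructed from the nat entry and rules quoted in the thread.

```python
import ipaddress

# Constructed sample data mirroring the nat entry and rules quoted in the thread.
NAT_FILE = """\
#EXTERNAL       INTERFACE  INTERNAL
83.14.215.157   eth0       192.168.1.6
"""
RULES_FILE = """\
#ACTION  SOURCE  DEST             PROTO  DEST PORT
ACCEPT   net     loc:192.168.1.6  tcp    22
ACCEPT   net     loc:192.168.1.4  tcp    22
"""

def fields(text):
    """Yield whitespace-split columns of each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def nat_map(nat_text):
    """Map internal address -> external address from one-to-one NAT entries."""
    return {cols[2]: cols[0] for cols in fields(nat_text) if len(cols) >= 3}

def check_rules(rules_text, nat_text, src_zone="net"):
    """Classify ACCEPT rules from src_zone to a single zone:address destination."""
    nat = nat_map(nat_text)
    report = []
    for cols in fields(rules_text):
        if len(cols) < 3 or cols[0] != "ACCEPT" or cols[1] != src_zone:
            continue
        _zone, _, host = cols[2].partition(":")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # zone-only, subnet or range destination: out of scope here
        if host in nat:
            report.append((host, "reachable via " + nat[host]))
        elif addr.is_private:
            # Masqueraded hosts have no inbound mapping, so net traffic never matches.
            report.append((host, "no effect: private address without NAT entry"))
        else:
            report.append((host, "reachable directly"))
    return report

if __name__ == "__main__":
    for host, verdict in check_rules(RULES_FILE, NAT_FILE):
        print(f"{host:15} {verdict}")
```

Every rule reported as reachable is an inbound exposure of that internal host on its external address, so the list doubles as an inventory of what the one-to-one NAT entries open up.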