On Thursday 06 April 2006 09:36, grharry@freemail.gr wrote:
> > So .....
> > ISP ---212.202.xx.xx [ modem -router]10.0.11.1 ---- 10.0.11.2[-eth0 -
> > FIREWALL - (DMZ) -eth2] 62.103.xx.1/28 ---- 62.103.xx.2/28[ DMZ MAIL
> > SERVER]
> > is your suggestion I suppose with NO masq entry for the dmz zone.
> >
> >
> >
> >Yes, that's correct. And of course the modem-router has a route to the /28
> >via 10.0.11.2. The default gateway of the FIREWALL is 10.0.11.1
> >while the default gateway for the DMZ server(s) is 62.103.xx.1.
> >
> >Tom
> >
> >Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> >Shoreline, \ http://shorewall.net
> >Washington USA \ teastep@shorewall.net
> >PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
>
> Hi Tom ...
> I am having difficulty trying to "config" the router NOT to NAT the dmz
> zone "62.103.xx.1". with the external iface being 212.202.xx.xx is there a
> way I can do this from shorewall and disable NAT on the cheap router
> whatsoever ????
>
> I did it for a moment and it only succeeded from the dmz zone....
>
> the masq file is a typical of a multiISP.
> MASQ
>
> $ISP1IF $HOLOC $OTLOC #=10.0.11.2
> $ISP2IF $OTLOC $HOLOC #=10.0.12.2
> #---------------------- DMZ INTERFACE
> $ISP1IF $DMZIF $OTLOC
> $ISP2IF $DMZIF $HOLOC
> #---------------------- LOC INTERFACE
> $ISP1IF $LOCIF $OTLOC
> $ISP2IF $LOCIF $HOLOC
>
> That is I tried as $OTLOC_test=212.202.xxx
> Harry...
You can masq traffic from the 10.0.11.0/24 network using the DMZ interface's
IP address.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key