I am not so sure I understood that
the firewall has 4 interfaces
eth0=is the one we have trouble with and is connected to a router to isp1
so what ever goes out to the net through ISP1 from loc and fw was to be masqed
as the external interface of the router.
What ever goes out from the DMZ to ISP0 no MASQ.
I am confused with the these lines
#INTERFACE   SUBNET          ADDRESS
$ISP1IF      $HOLOC          $OTLOC #=10.0.11.2
$ISP2IF      $OTLOC          $HOLOC #=10.0.12.2
Harry...
> On Thursday 06 April 2006 09:36, grharry@freemail.gr wrote:
> > > So .....
> > > ISP ---212.202.xx.xx [ modem -router]10.0.11.1 ----
10.0.11.2[-eth0 -
> > > FIREWALL - (DMZ) -eth2] 62.103.xx.1/28 ---- 62.103.xx.2/28[ DMZ
MAIL
> > > SERVER]
> > > is your suggestion I suppose with NO masq enty for the dmz zone.
> > >
> > >
> > >
> > >Yes, that''s correct. And of course the modem-router has a
route to the /> 28
> > > =3D via=3D20 10.0.11.2. The default gateway of the FIREWALL is
10.0.11.1
> > > while the defau=3D
> >
> > lt=3D20
> >
> > >gateway for the DMZ server(s) is 62.103.xx.1.
> > >
> > >Tom
> > >
> > >Tom Eastep    \ Nothing is foolproof to a sufficiently talented
fool
> > >Shoreline,     \ http://shorewall.net
> > >Washington USA  \ teastep@shorewall.net
> > >PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
> >
> > Hi Tom ...
> > I am having difficulty trying to "config" the router NOT to
NAT the dmz
> > zone "62.103.xx.1". with the external iface being
212.202.xx.xx is there a
> > way I can do this from shorewall and disable NAT on the cheap router
what
> > so ever ????
> >
> > I did it for a moment and it only succeded from the dmz zone....
> >
> > the masq file is a typical of a multiISP.
> > MASQ
> >
> > $ISP1IF      $HOLOC          $OTLOC #=3D10.0.11.2
> > $ISP2IF      $OTLOC          $HOLOC #=3D10.0.12.2
> > #---------------------- DMZ INTERFACE
> > $ISP1IF      $DMZIF          $OTLOC
> > $ISP2IF      $DMZIF          $HOLOC
> > #---------------------- LOC INTERFACE
> > $ISP1IF      $LOCIF          $OTLOC
> > $ISP2IF      $LOCIF          $HOLOC
> >
> > That is I tried as $OTLOC_test=3D212.202.xxx
> > Harry...
> 
> You can masq traffic from the 10.0.11.0/24 network using the DMZ
interface''> s=20
> IP address.
> 
> =2DTom
> =2D-=20
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
> 
> --nextPart5930624.fu004mFdmP
> Content-Type: application/pgp-signature
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> 
> iD8DBQBENUcQO/MAbZfjDLIRAjJPAKCFYrE95w0PE0A2QW96p3N+2DnEgwCeNnma
> SpVfElVRg9FPLgWCZ/6nNPs> =3UIF
> -----END PGP SIGNATURE-----
> 
> --nextPart5930624.fu004mFdmP--
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642