> Date: Tue, 27 Apr 2004 00:23:59 -0400
> From: George Metz <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Dachstein as border_router? (public ip addresses etc)
>
> Don't know about shorewall (which you would have to configure to allow
> VPN traffic to pass through to that specific IP address), but what you
> basically want it to do is substitute for a traditional router.
> Effectively, you'd simply have to turn off NAT and let DNS and the
> public IP addresses do the rest.
> Configuring Shorewall, on the other hand, is pretty straightforward; all
> you need to do is forward the ports you want to hit each device to the
> respective devices, and deny all (probably both ways - loc to net and
> net to loc) on everything else.
>
> Going from memory, the commands would be:
>
> ACCEPT net loc:addrPUBB TCP/UDP* PortNum
>
> * Whichever protocol is correct.
>
> That would be VPN. If addrPUBC is a Web and FTP server, and addrPUBD is
> a mailserver, then you'd do:
>
> ACCEPT net loc:addrPUBC TCP http
> ACCEPT net loc:addrPUBC TCP https
> ACCEPT net loc:addrPUBC TCP ftp
> ACCEPT net loc:addrPUBC TCP ftp-data
>
> ACCEPT net loc:addrPUBD TCP smtp

So if NAT is turned off and I have straight-forward routing happening, will the shorewall rules mean only what it says will get through? Or will the shorewall just forward packets addressed to the firewall to another server, without interfering with packets addressed to the other public servers? (Sorry, I confess I don't know too much about Shorewall etc!)

Also, when packets are forwarded to another server, does anything need to be done on the other server, so it can talk to the requester properly, and go back through the leaf box? Or does it just act as if it came direct to itself?

Thanks!

Craig.

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
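
A simplified model of the rule list quoted above (the listed ACCEPT rules, deny everything else), added here as an example; it is not part of the original thread and is not Shorewall's own code. The 192.0.2.x addresses are constructed stand-ins for addrPUBC and addrPUBD, and `DROP` is assumed as the "deny all" policy.

```python
# Simplified model of "ACCEPT what is listed, deny everything else" for
# routed (non-NAT) traffic from the net zone to hosts in the loc zone.
from ipaddress import ip_address

# Standard port numbers for the service names used in the quoted rules.
SERVICES = {"http": 80, "https": 443, "ftp": 21, "ftp-data": 20, "smtp": 25}

# Constructed stand-ins for addrPUBC (web/FTP server) and addrPUBD (mail server).
ADDR_PUBC = "192.0.2.3"
ADDR_PUBD = "192.0.2.4"

RULES_TEXT = f"""
ACCEPT net loc:{ADDR_PUBC} TCP http
ACCEPT net loc:{ADDR_PUBC} TCP https
ACCEPT net loc:{ADDR_PUBC} TCP ftp
ACCEPT net loc:{ADDR_PUBC} TCP ftp-data
ACCEPT net loc:{ADDR_PUBD} TCP smtp
"""

def parse_rules(text):
    """Parse 'ACTION SRC DEST_ZONE:ADDR PROTO SERVICE' lines into tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        action, src_zone, dest, proto, service = fields
        dest_zone, _, addr = dest.partition(":")
        rules.append((action, src_zone, dest_zone, ip_address(addr),
                      proto.lower(), SERVICES[service]))
    return rules

def decide(rules, src_zone, dest_zone, dest_addr, proto, port, default="DROP"):
    """Return the action of the first matching rule, else the default policy."""
    wanted = (src_zone, dest_zone, ip_address(dest_addr), proto.lower(), port)
    for action, *match in rules:
        if tuple(match) == wanted:
            return action
    return default  # assumed stand-in for "deny all on everything else"

RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    # Constructed probes: destination address, protocol, destination port.
    for addr, proto, port in [(ADDR_PUBC, "tcp", 80), (ADDR_PUBD, "tcp", 80),
                              (ADDR_PUBD, "tcp", 25), (ADDR_PUBC, "tcp", 22)]:
        print(addr, proto, port, decide(RULES, "net", "loc", addr, proto, port))
```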