-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 28 April 2004 8:40
To: Craig Johnson
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein as border_router? (public ip addresses etc)
So if NAT is turned off and I have straight-forward routing happening, will the shorewall rules mean only what it says will get through? Or will the shorewall just forward packets addressed to the firewall to another server, without interfering with packets addressed to the other public servers? (Sorry, I confess I don't know too much about Shorewall etc!)
In the absence of any entries in /etc/shorewall/nat or /etc/shorewall/netmap and without any DNAT rules (the Shorewall manifestation of 'NAT is turned off'), any packets addressed to the firewall will be handled according to net->fw rules and the applicable policy; they will not be forwarded off to some random server.
So what is the best way to set up net->fw rules with Dachstein or Bering? Also, how is best to turn off NAT stuff? In other words, which are all the things I need to check, to make sure I've covered everything? (Is it more than just network.conf?)
If you are going to use Bering, I would start with a shorewall.lrp from shorewall.net. Those packages have all NAT turned off by default.
The best document for you to read is http://shorewall.net/shorewall_setup_guide.htm.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
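
One way to check the three conditions named in the reply above (no entries in /etc/shorewall/nat or /etc/shorewall/netmap, no DNAT rules), as an added example that is not part of the original message or of Shorewall itself. The function names and sample files are constructed for illustration; it assumes `#` starts a comment in these files and that the first column of the rules file is the action.

```shell
#!/bin/sh
# Added example: audit a Shorewall config directory for active NAT.

# Print the non-comment, non-blank lines of a file (nothing if it is absent).
active_lines() {
    [ -f "$1" ] || return 0
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
}

# check_nat_off DIR: prints one finding per problem;
# returns 0 when no NAT is configured, 1 otherwise.
check_nat_off() {
    dir=$1
    status=0
    for f in nat netmap; do
        if [ -n "$(active_lines "$dir/$f")" ]; then
            echo "NAT active: entries in $dir/$f"
            status=1
        fi
    done
    # Any rule whose ACTION column starts with DNAT (a log level may follow).
    if active_lines "$dir/rules" | awk '$1 ~ /^DNAT/ {found=1} END {exit !found}'; then
        echo "NAT active: DNAT rule in $dir/rules"
        status=1
    fi
    return $status
}

# Constructed sample configs: one routed-only, one with NAT left on.
make_samples() {
    base=$1
    mkdir -p "$base/routed" "$base/natted"
    printf '%s\n' '#ACTION SOURCE DEST PROTO PORT' 'ACCEPT net fw tcp 22' > "$base/routed/rules"
    printf '%s\n' '#EXTERNAL INTERFACE INTERNAL' > "$base/routed/nat"
    printf '%s\n' 'DNAT:info net loc:10.0.0.10 tcp 80' 'ACCEPT net fw tcp 22' > "$base/natted/rules"
    printf '%s\n' '192.0.2.5 eth0 10.0.0.5' > "$base/natted/nat"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for d in routed natted; do
    if check_nat_off "$tmp/$d"; then echo "$d: no NAT configured"; fi
done
rm -rf "$tmp"
```

On a real system, call `check_nat_off /etc/shorewall`; a zero exit status means none of the three conditions is present.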
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
