Dear Friends:

I am very new to shorewall stuff. I am trying to create (obviously for
the first time) a home datacenter with a setup like below:




                      +--------+
                      | ADSL   |
                      | Modem  |
                      +---+----+
                          |
                   eth0: 81.216.202.218
                   +------+--------+
                   | OpenVZ box w  |____DMZ connected
                   | HN as firewall|      |with xover
                   +-and VPSes   --+      |cable
      LOC                 |         eth2: 192.168.1.254
      eth1: 192.168.0.254 |         +-----+---+
      +------..............         |         |
      |local router+gw              192.168.1.250
      +--+---+                      +---------+
      192.168.2.254
         |
     |___|_______+
     |           |
     |           |
     |           |
  +-----+    +---+---+
  |     |    |       |
  +-----+    +-------+
  192.168.2.0/24


I want to make the 192.168.1.250 (a trixbox voip server) as well as
other webservers in the firewall+router cum OpenVZ box with several
virtual servers in the DMZ zone accessible to the world and vice
versa.

I did everything I could in the rules and policy. When I port
forwarded dmz:192.168.1.250 in rules, the rest in DMZ including $FW
itself became unavailable. On the other hand the voip server could
connect to the remote voip terminator, but could not pass through the
audio. I tried to separately port forward the necessary ports (namely
udp 5060-5088 for sip, udp 8000-20000 for rtp and 4569 for iax and tcp
25 and 110 for smtp and pop respectively), but none worked.

I shall be obliged if any of the shorewall gurus could help me with how
to host several servers (voip and webserver with VPSes inside).

Kindly guide me. Please let me inform you that these are CentOS 4.4
based machines with Shorewall 3.0.7, and the output of some of the
commands is below:

# ip addr show
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:8b:90:16:21 brd ff:ff:ff:ff:ff:ff
    inet 81.216.202.218/27 brd 81.216.202.223 scope global eth0
6: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:e0:4c:39:25:2c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.254/24 brd 192.168.0.255 scope global eth1
8: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:01:02:f0:c1:52 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
    link/void



# ip route show
81.216.202.192/27 dev eth0  proto kernel  scope link  src 81.216.202.218
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.254
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.254
169.254.0.0/16 dev eth2  scope link
default via 81.216.202.193 dev eth0


Kindly let me know if I need to furnish any more information to get my
home network running. Thank you.

With best regards,
GT
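An added example, not from the original post and not the Shorewall project's own documentation, of how the Shorewall 3.x configuration files for the layout drawn above could be laid out. It assumes the zones are named net (eth0), loc (eth1) and dmz (eth2), that the VoIP server is 192.168.1.250 as in the post, and that each forwarded service is limited to the ports the post lists. A DNAT line with the PROTO and DEST PORT(S) columns left empty forwards every inbound connection to that single host, which would make the firewall and the rest of the DMZ unreachable from the net in exactly the way described, so each service gets its own line here. The web VPS address is a placeholder.

```text
# /etc/shorewall/zones  (Shorewall 3.x three-column format)
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,routefilter
loc     eth1        detect      tcpflags
dmz     eth2        detect      tcpflags

# /etc/shorewall/masq  (source-NAT both private networks behind eth0)
#INTERFACE  SUBNET
eth0        192.168.0.0/24
eth0        192.168.1.0/24

# /etc/shorewall/policy  (first match wins; rules below are exceptions)
#SOURCE  DEST  POLICY  LOG LEVEL
loc      net   ACCEPT
dmz      net   ACCEPT
loc      dmz   ACCEPT
fw       all   ACCEPT
net      all   DROP    info
all      all   REJECT  info

# /etc/shorewall/rules  (one DNAT line per service; ports as listed in the post)
#ACTION  SOURCE  DEST                PROTO  DEST PORT(S)
# SIP signalling
DNAT     net     dmz:192.168.1.250   udp    5060:5088
# RTP media
DNAT     net     dmz:192.168.1.250   udp    8000:20000
# IAX2
DNAT     net     dmz:192.168.1.250   udp    4569
# SMTP and POP3
DNAT     net     dmz:192.168.1.250   tcp    25,110
# Hypothetical web server in the DMZ (placeholder address)
DNAT     net     dmz:192.168.1.251   tcp    80
```

After editing the files, `shorewall check` validates the configuration and `shorewall restart` applies it. Keeping the forwarded ports explicit also keeps the remaining DMZ hosts and the firewall itself reachable, since nothing else from net is redirected. Whether call audio then passes depends additionally on the VoIP server advertising the public address 81.216.202.218 in its SIP/SDP, which is a setting on the server rather than in the firewall. The 192.168.2.0/24 network behind the local router would also need a route and a masq entry on the firewall, which this example leaves out.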

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users