All
 
I'm sorry I stirred up the hornets' nest by asking the question here.
 
At no point did I mention using NAT on the vmware interface so I'm not quite 
sure how the discussion sparked up.
 
Just to clarify what I was doing, I have a /29 IP address block from my ISP 
(publicly routable, registered with RIPE, with my surname spelt wrong!).
 
What I was trying to do was run a vmware bridge on an interface so that I could 
keep the zones config file down to interface level rather than nested with 
subnets, but either vmware or linux would stop routing packets to the virtual 
machines when the media state of the interface dropped.
 
I've got it working for now with a cheap hub but I'll either buy an ethernet 
loopback jack (http://www.thinkgeek.com/gadgets/tools/6c20/) or knock one up.
 
I've found them in the US but anybody know where to get them in the UK?

Si



> Date: Fri, 8 Jun 2007 15:20:56 -0400
> From: [EMAIL PROTECTED]
> To: [email protected]
> Subject: Re: [Shorewall-users] General Linux Networking FOR NOVICES
>
> Simon Hobson wrote:
> >
> > What's the difference, security wise between :
> > DNAT net loc:a.b.c.d
> > and
> > ALLOW net loc:a.b.c.d
> > assuming you have a default policy net->loc of drop ?
> >
>
> Simon,
>
> It's a huge difference. RFC 1918 packets are not routable. Thus,
> even if your firewall drop rule failed, the chance of easy NAT traversal
> is pretty slim if the admin of the gateway machine has been smart about
> what services are exposed.
>
> You do not have that advantage if you are firewalling a LAN
> comprised of routable IPs.
>
> --
> Michael Cozzi
> [EMAIL PROTECTED]
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
