I'm using 4.4.0, so that would make RFC1918_STRICT deprecated?

I'm just a little confused now on the network settings for the port that is
attached to the DSL modem, it's on eth0. I currently have this setup in
/etc/network/interfaces (I'm running Debian 5.0 "Lenny"):

    # eth0 interface facing internet
    auto eth0
    iface eth0 inet static
        address 76.5.159.xxx (last octet masked)
        netmask 255.255.255.224
        gateway 76.5.159.161

The DSL modem is in bridged mode, and I can't get to it unless I add an alias;
this is how it is configured presently:

    # virtual interface to DSL modem
    auto eth0:0
    iface eth0:0 inet static
        address 192.168.2.2
        netmask 255.255.255.0

For this to work correctly like you mention below, would I need to replace the
static settings for eth0? I think if I do that the modem may not be aware of
its static IP configuration, but I could be wrong... Or am I completely off
base altogether? :)

Thanks,
Stephen

On Tue, Dec 15, 2009 at 10:05, Tom Eastep <teas...@shorewall.net> wrote:
> Stephen Brown wrote:
>
>>> I didn't even add a static route. I've a similar setup (Netgear
>>> DM111P) and the only thing I've had to do is add a rule to allow the
>>> traffic to that IP address (otherwise it gets blocked by all the
>>> RFC1918 rules). The modem knows that to reach my public IP it has to
>>> send the traffic to my interface rather than out the WAN I/F - no
>>> exceptions to NAT or anything.
>>
>> How would I go about setting this up? Can you provide some sample syntax?
>
> I'm having different results on my DSL modem in bridged mode. Its IP
> address is 192.168.1.1 and here is what I did:
>
>     ip addr add 192.168.1.254/24 dev eth2
>     ip route add 192.168.1.1/32 dev eth2 src 192.168.1.254
>
> (If I wanted this to be permanent, I would add those to my distro's
> network configuration). eth2 is, of course, the firewall interface
> connected to the modem.
>
> I'm running Shorewall 4.4+ so the RFC1918 rules that Simon mentions
> don't apply. I have NULL_ROUTE_RFC1918=Yes but the above route overrides
> that setting for 192.168.1.1.
>
> I also found that I had to insert this into /etc/shorewall/masq, just to
> be able to ping the modem from the firewall:
>
>     eth2:192.168.1.1 0.0.0.0/0 192.168.1.254
>
> That was necessary because of another masq rule which was altering the
> source IP address:
>
>     eth2 !206.124.146.0/24 206.124.146.179
>
> You may need to add additional rules to handle the specific traffic that
> you mention in your post.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> ------------------------------------------------------------------------------
> Return on Information:
> Google Enterprise Search pays you back
> Get the facts.
> http://p.sf.net/sfu/google-dev2dev
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
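The two things Tom's reply relies on, that a /32 host route beats the RFC 1918 null route because the kernel picks the longest matching prefix, and that /etc/shorewall/masq is walked top to bottom so the modem-specific entry has to sit above the general `!206.124.146.0/24` one, can be checked outside a live firewall. The following is an added example, not code from the thread or from Shorewall: a small Python model of route selection and first-match masq processing using the addresses Tom quoted (eth2, modem 192.168.1.1, firewall alias 192.168.1.254, public address 206.124.146.179). It assumes NULL_ROUTE_RFC1918=Yes is realised as blackhole routes for the three RFC 1918 blocks and that the default route carries the public address as its source; the LAN host 10.1.1.5 and the internet destination 8.8.8.8 are constructed test inputs.

```python
"""Model of longest-prefix routing plus Shorewall masq first-match semantics.

Added example for the bridged-modem thread; it is not Shorewall's own code.
Addresses come from Tom's message; the blackhole rows, the default route's
source address and the LAN/internet hosts used in the demo are assumptions.
"""
from ipaddress import ip_address, ip_network

# Routing table as (prefix, attributes).  The blackhole rows model
# NULL_ROUTE_RFC1918=Yes (assumption); the /32 row is Tom's host route
# "ip route add 192.168.1.1/32 dev eth2 src 192.168.1.254".
ROUTES = [
    (ip_network("0.0.0.0/0"),      {"type": "unicast", "dev": "eth2", "src": "206.124.146.179"}),
    (ip_network("10.0.0.0/8"),     {"type": "blackhole"}),
    (ip_network("172.16.0.0/12"),  {"type": "blackhole"}),
    (ip_network("192.168.0.0/16"), {"type": "blackhole"}),
    (ip_network("192.168.1.1/32"), {"type": "unicast", "dev": "eth2", "src": "192.168.1.254"}),
]

# /etc/shorewall/masq lines from the thread, in the order Tom needs them.
MASQ_RULES = [
    "eth2:192.168.1.1 0.0.0.0/0 192.168.1.254",
    "eth2 !206.124.146.0/24 206.124.146.179",
]


def route_lookup(dst):
    """Return the attributes of the most specific route containing dst.

    Longest-prefix match is why the /32 host route wins over the /16
    blackhole even though both contain 192.168.1.1.
    """
    dst = ip_address(dst)
    matches = [(net, attrs) for net, attrs in ROUTES if dst in net]
    net, attrs = max(matches, key=lambda m: m[0].prefixlen)
    return dict(attrs, prefix=str(net))


def parse_masq(line):
    """Parse one masq line: INTERFACE[:DEST] SOURCE ADDRESS.

    A leading '!' in SOURCE negates the match, as in Tom's second rule.
    """
    iface, source, address = line.split()
    iface, _, dest = iface.partition(":")
    return {
        "iface": iface,
        "dest": ip_network(dest or "0.0.0.0/0"),
        "negate": source.startswith("!"),
        "source": ip_network(source.lstrip("!")),
        "snat": address,
    }


def snat_for(rules, src, dst):
    """First matching masq rule decides the SNAT address for src -> dst.

    Returns the SNAT address, 'blackhole' if the packet is null-routed
    before NAT is reached, or None if no rule rewrites the source.
    """
    route = route_lookup(dst)
    if route["type"] == "blackhole":
        return "blackhole"
    src, dst = ip_address(src), ip_address(dst)
    for rule in map(parse_masq, rules):
        if rule["iface"] != route["dev"] or dst not in rule["dest"]:
            continue
        # Source test, inverted when the rule was written with '!'.
        if (src in rule["source"]) != rule["negate"]:
            return rule["snat"]
    return None


if __name__ == "__main__":
    # Firewall pings the modem: with Tom's first rule the alias address is kept.
    print("fw -> modem, both rules :", snat_for(MASQ_RULES, "192.168.1.254", "192.168.1.1"))
    # Without it, the general rule rewrites the source to the public address.
    print("fw -> modem, second only:", snat_for(MASQ_RULES[1:], "192.168.1.254", "192.168.1.1"))
    # LAN host to the internet is masqueraded as usual.
    print("lan -> internet         :", snat_for(MASQ_RULES, "10.1.1.5", "8.8.8.8"))
    # Other RFC 1918 destinations still hit the null route.
    print("lan -> 192.168.7.7      :", snat_for(MASQ_RULES, "10.1.1.5", "192.168.7.7"))
```

Swapping the two MASQ_RULES entries, or dropping the first, reproduces the symptom Tom describes: a ping from the firewall leaves with 206.124.146.179 as its source instead of 192.168.1.254. The same model also shows why the alias alone was not enough for him: without the /32 route the 192.168.0.0/16 blackhole swallows the packet before masq is even consulted.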