Ryan Ferguson wrote:

>I'm trying to set up CIDR routing on shorewall and don't understand
>the proper way to do this. We changed ISPs to cox.net and now they
>have given us a public IP and a public CIDR block of IPs on a
>separate subnet than our public IP is on. How do I set this up
>proper in the config files?

Lucky you - that allocation of IPs gives you so much flexibility.

Traditionally you'd use three interfaces - one outside, one 'dmz', one inside. Your outside interface will obviously have to match the single public IP etc. Then you use the additional IP block on the dmz, and private (RFC1918) addresses on the internal LAN.

It's great for servers because they can be on public IPs (i.e. no NAT) but still have a firewall between them and the outside world.

With that setup, you define your three interfaces, NAT your inside interface to the outside (using the shared public IP), and set your policies and rules.

--
Simon Hobson
