On Thu, 2011-09-08 at 22:16 +0100, Simon Hobson wrote:
> Ryan Ferguson wrote:
> >I'm trying to set up cidr routing on shorewall and don't understand
> >the proper way to do this. We changed isp's to cox.net and now they
> >have given us a public ip and a public cidr block of ip's on a
> >separate subnet than our public ip is on. How do I set this up
> >proper in the config files?
>
> Lucky you - that allocation of IPs gives you so much flexibility.
>
> Traditionally you'd use three interfaces - one outside, one 'dmz',
> one inside. Your outside interface will obviously have to match the
> single public IP etc. Then you use the additional IP block on the
> dmz, and private (RFC1918) addresses on the internal LAN. It's great
> for servers because they can be on public IPs (ie no NAT) but still
> have a firewall between them and the outside world.
>
> With that setup, you define your three interfaces, NAT your inside
> interface to the outside (using the shared public IP), and set your
> policies and rules.
>
I agree with Simon. The configuration that he recommends is so much
cleaner than what you currently have; and it will work.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
