Hi

On Mon, Mar 11, 2013, at 05:10 PM, Matt Joyce wrote:
> Before I go ahead and start going through your questions on this one I
> want to clarify is there some particular reason why you are
> intentionally keeping the real IP addresses outside of the LAN, you
> are aware I presume that you can set up your interfaces on the servers
> with both a real IP address and an internal one if you wanted to, that
> is how I used to work it when I had my /29 set up.

Two reasons:

(1) it's similar to what's been already deployed, and I'm migrating
(2) the number of servers that I need to expose externally exceeds the # of IPs I'm allocated.

What I've provided here is simplified to demonstrate:

(a) one listening daemon on the firewall box
(b) one listening daemon on a dedicated box in the LAN
(c) one listening daemon on a Xen guest

These three cases cover all my servers ...

The docs @ shorewall are so extensive, I keep chasing down individual-topic rabbit-holes filled with myriad options. I end up having a hard time wrapping my head around the simplest approach for "my environment".

The IPv6 side of the equation is a different story, of course.

Cheers,

-darx
