Dr. Harry Knitter <ha...@knitter-edv-beratung.de> wrote:

> The machine has two nics eth0 (internal) and eth1 (external), the latter
> pointing to a dsl-router.
>
> The internal net is 192.168.0.0/24; the external, consisting only of the
> external nic and the dsl-router, is 192.168.120.0/24
<snip>
> <masq>
> eth0 eth1
> eth1 eth0
> </masq>
Assuming that the DSL router is doing NAT, I wouldn't do NAT in your firewall as well - NAT == broken, two levels of NAT == doubly broken. Remove the Masq file and it won't attempt to mangle addresses. The only thing you'll need to do is add a static route in the DSL router telling it that packets for 192.168.0.0/24 can be reached via 192.168.120.n (the outside address of your firewall box).

Alternatively, you might consider putting the DSL router into transparent modem mode and running pppd on your firewall - you get a lot more visibility that way.

As a variation on that, some DSL "modems" (e.g. the Netgear DM-111P) will handle the PPP side of things and present the raw packets via ethernet. I ran this for some time - it avoids running ppp on your firewall, but with the Netgear device it does mean you have to use DHCP to get your public IP from the modem.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
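The two steps in the reply above (drop the firewall's own masquerading, then route the internal LAN through the firewall from the DSL router) are easy to get half right: the masq file is deleted but the old MASQUERADE rules survive until Shorewall is restarted, or the router route is typed for the wrong next hop. The script below is an added example and is not code from the poster or from the Shorewall project. It assumes the firewall's DSL-side address is 192.168.120.2 (the reply only says 192.168.120.n), that the DSL router is Linux-based so that the route is an `ip route add` command (vendor GUIs differ), and it uses constructed `iptables -t nat -S POSTROUTING` output so the check can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the original post). Two helpers for verifying the
# "no NAT on the firewall, static route on the DSL router" setup.

# check_no_masq: read `iptables -t nat -S POSTROUTING` output on stdin and
# fail (return 1) if any MASQUERADE or SNAT rule is still installed. Run it
# on the firewall after deleting /etc/shorewall/masq and restarting Shorewall:
#   iptables -t nat -S POSTROUTING | check_no_masq
check_no_masq() {
    found=$(grep -E -- '-j (MASQUERADE|SNAT)' || true)
    if [ -n "$found" ]; then
        printf 'NAT rules still active on the firewall:\n%s\n' "$found"
        return 1
    fi
    printf 'NAT table is clean\n'
    return 0
}

# router_route_cmd: print the static route the DSL router needs so that
# replies for the internal LAN are sent to the firewall's outside address.
#   $1 = internal LAN (e.g. 192.168.0.0/24)
#   $2 = firewall's address on the DSL-side network (assumed 192.168.120.2)
router_route_cmd() {
    printf 'ip route add %s via %s\n' "$1" "$2"
}

# Constructed sample output: what the nat POSTROUTING chain looks like while
# the two-line masq file from the question is still in effect.
SAMPLE_WITH_MASQ='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE'

# Constructed sample output after the masq file is removed and Shorewall restarted.
SAMPLE_CLEAN='-P POSTROUTING ACCEPT'

# Stand-alone demonstration when executed directly.
if [ "${0##*/}" = "nat-check.sh" ]; then
    printf '%s\n' "$SAMPLE_WITH_MASQ" | check_no_masq || echo "(expected: still masquerading)"
    printf '%s\n' "$SAMPLE_CLEAN" | check_no_masq
    echo "Route to add on the DSL router:"
    router_route_cmd 192.168.0.0/24 192.168.120.2
fi
```

Once the check passes and the route is in place, a traceroute from an internal host to a public address should show the firewall as the first hop and the DSL router as the second, with no address rewriting between them; if the router is doing its own NAT that is the only place the source address should change.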