Sean,

To clarify, there are two possible cases:

Is this a DSL Router that itself does NAT and PPPoE? In that case, similar
to one of mine, you would assign e.g. 192.168.254.254 (probably the Router
assigns a /24) to the ethernet interface on your firewall which is
connected to the DSL router. Your gateway (default route) would be
192.168.254.1. Although outside systems will see your traffic as coming
from 66.x.x.x, your firewall doesn't know about that address. Unless there
is a DNAT capability or DMZ capability on the router, you won't be able to
reach your firewall or inside systems from the public Internet - a good
thing in most cases.

I have another case in which I have a true DSL modem (no routing
capabilities nor PPPoE stack). The ethernet interface on the firewall that
connects to the DSL modem is 192.168.254.2/30 (I have set the DSL modem to
192.168.254.1/30). PPPoE runs on the firewall using that interface, and
once the PPPoE-layer connection is established, a new interface ppp0 is
created and the ISP assigns 66.x.x.x as the address of that interface via
DHCP. Shorewall does NAT for traffic going out on ppp0. The underlying
ethernet interface is used only (1) for managing the modem's web GUI; and
(2) to carry the PPPoE traffic. In this case, your firewall can be accessed
from the public Internet as 66.x.x.x.

In either case, you simply need rules to allow outbound http(s) etc. from
the ethernet interface (not ppp0 in case 2) to 192.168.254.1. And you also
need rules to allow your normal web surfing to all outside addresses, on
the ethernet interface in case 1 and on ppp0 in case 2.

Perhaps that helps some... If it's not clear, the make and model of your
DSL modem will reveal whether it's a simple modem or a DSL Router.

Norm

On Tue, Sep 5, 2017 at 11:28 PM, Tom Eastep <[email protected]> wrote:

> On 09/05/2017 11:12 AM, Sean Whitney wrote:
> > All:
> >
> > I have a DSL modem that provides a publicly routed IP scope /32, but it
> > is managed with a private IP address 192.168.254.1.
> >
> > What can I do to allow http/s, telnet, ssh traffic between the local
> > network and the private IP address on the Internet side?
> >
> > My setup is based on the three interface network, using masq
> >
> >
> >
> > Internet -- |DSL modem| -- fw -- local
> >              192.168.254.1  |     192.168.0.0/24
> >              66.x.x.x       |
> >                             |-- dmz
> >
>
> Does the modem assign the 66.x.x.x address to your firewall's external
> interface? And what Shorewall version are you running?
>
> -Tom
> --
> Tom Eastep        \   Q: What do you get when you cross a mobster with
> Shoreline,         \     an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org \   understand
>                       \_______________________________________________
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
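
The second case above (PPPoE running on the firewall, modem managed over the underlying ethernet interface), sketched as Shorewall configuration. This is an added example, not part of the original thread: it assumes Shorewall 5 syntax, the interface names eth0 (to the modem), eth1 (local) and eth2 (dmz), a hypothetical zone named modem, and that the modem has no route back to 192.168.0.0/24, so traffic to it is masqueraded.

```conf
# Added example; zone and interface names are assumptions.

# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
modem   ipv4        # hypothetical zone for the modem's management address
loc     ipv4
dmz     ipv4

# /etc/shorewall/interfaces
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     ppp0                    # PPPoE session; holds the 66.x.x.x address
modem   eth0                    # underlying ethernet, 192.168.254.2/30
loc     eth1
dmz     eth2

# /etc/shorewall/policy (relevant line only; keep the existing catch-all)
#SOURCE  DEST   POLICY
loc      net    ACCEPT          # normal web surfing leaves via ppp0

# /etc/shorewall/masq
#INTERFACE   SOURCE
ppp0         192.168.0.0/24     # outbound NAT to the Internet
eth0         192.168.0.0/24     # modem sees 192.168.254.2 and can reply

# /etc/shorewall/rules
?SECTION NEW
#ACTION   SOURCE   DEST                  PROTO   DPORT
ACCEPT    loc      modem:192.168.254.1   tcp     22,23,80,443
ACCEPT    $FW      modem:192.168.254.1   tcp     22,23,80,443
```

Because the modem sits in its own zone, nothing it originates is accepted unless a rule or policy says so; `shorewall check` validates the files before a restart.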