Re: [Shorewall-users] RFC1918 outside firewall

Wed, 06 Sep 2017 10:38:43 -0700 

On 09/06/2017 06:52 AM, Sean Whitney wrote:
> I have a 66.x.x.x address for the ethernet interface.  The modem will
> provide DHCP, but I have it set manually.  All the PPPOE is handled by
> the modem, and I only have to assign an IP address (it's not in
> transparent mode).
> 
> I'm using shorewall version 4.6.4.3-2 on devuan/debian(jessie).
> 

Then:

a) Using your distribution's network configuration tools, add address
192.168.254.2/24 to your external interface.

b) Add this entry at the top of your masq file:

        ethX:192.168.254.0/24   -       192.168.254.2

   where ethX is your external interface.

-Tom

> 
> Sean
> 
> On 09/05/2017 03:28 PM, Tom Eastep wrote:
>> On 09/05/2017 11:12 AM, Sean Whitney wrote:
>>> All:
>>>
>>> I have a DSL modem that provides a publicly routed IP scope /32, but it
>>> is managed with a private IP address 192.168.254.1.
>>>
>>> What can I do to allow http/s, telnet, ssh traffic between the local
>>> network and the private IP address on the Internet side.
>>>
>>> My setup is based on the three interface network, using masq
>>>
>>>
>>>
>>> Internet -- |DSL modem| -- fw -- local
>>>               192.168.254.1  |     192.168.0.0/24
>>>               66.x.x.x       |
>>>                              |-- dmz
>>>
>>
>> Does the modem assign the 66.x.x.x address to your firewall's external
>> interface? And what Shorewall version are you running?
>>
>> -Tom
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
> 


-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to