On Fri, 22 Nov 2002, Robert Szabo wrote:
> I would like some advice on what avenue I need to take to solve a
> problem.
>
>
> I have a Bering firewall with 3 NIC cards in it.
>
> This is what I would like to use:
>
> eth0 is set to an internet address and is connected to a DSL router with an
> internet address in and out. It is set to be the default gateway.
>
> eth1 is set to local IP 192.168.1.198/26 and is connected to the lan.
>
> eth2 is set to local IP 192.168.2.198/26 and is connected to an ISDN router
> with an inside address of 192.168.2.196/26 and an outside internet address
> (it is used for point to point to a single IP (208.x.x.x) on the net).
>
> I have no problem connecting to the internet from the lan through eth0 but
> what would be the proper way to set up shorewall so that I can send any
> traffic destined for IP 208.x.x.x from the lan through eth2 and also be
> able to get traffic back to the lan. This connection is used for Oracle
> database transactions only.

That is a HUGE swath of ip addresses to claim will only be used for Oracle
database connections.

Add this to /etc/network/interfaces:

    iface eth2 inet static
        address 192.168.2.198
        netmask 255.255.255.192
        broadcast 192.168.2.255
        up ip route add 208.0.0.0/8 via 192.168.2.196 \
            src 192.168.2.198 || true
        down ip route del 208.0.0.0/8 via 192.168.2.196 \
            src 192.168.2.198 || true

I am not certain of the following, but I don't see much to do except tell
shorewall the interface is there.

/etc/shorewall/interfaces:

    net eth2 - routefilter

You don't want to masq on eth2, because the ISDN router is already doing
that. You could set up a new "Oracle" zone, and limit your connections
through it by editing /etc/shorewall/policy and /etc/shorewall/rules, but
as I said above, I find it hard to believe you would want to treat such a
large number of ip addresses as anything different than "net".

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>               Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
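
Added example, not part of the original thread or of the Shorewall/LEAF code: a small longest-prefix-match model of the routing table produced by the eth2 stanza in the reply, showing how much traffic a 208.0.0.0/8 route pulls onto the ISDN link compared with a single host route. The default route via eth0, the two 208.* destinations (the post elides the real peer as 208.x.x.x) and the LAN host are constructed assumptions.

```python
import ipaddress

# Constructed placeholder for the elided 208.x.x.x Oracle peer (not from the post).
ORACLE_HOST = ipaddress.ip_address("208.0.2.10")
# Constructed unrelated destination that also falls inside 208.0.0.0/8.
OTHER_208_HOST = ipaddress.ip_address("208.200.1.1")
# Constructed host on the eth1 LAN.
LAN_HOST = ipaddress.ip_address("192.168.1.200")

ETH1 = ipaddress.ip_interface("192.168.1.198/26")
ETH2 = ipaddress.ip_interface("192.168.2.198/26")
ISDN_GW = ipaddress.ip_address("192.168.2.196")


def build_table(isdn_prefix):
    """Routes as (network, device, gateway); the default via eth0 is assumed."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "eth0", "dsl-router"),
        (ETH1.network, "eth1", None),   # connected route for the LAN
        (ETH2.network, "eth2", None),   # connected route for the ISDN segment
        (ipaddress.ip_network(isdn_prefix), "eth2", ISDN_GW),
    ]


def egress(table, dest):
    """Longest-prefix match: the most specific matching route wins."""
    matches = [route for route in table if dest in route[0]]
    return max(matches, key=lambda route: route[0].prefixlen)[1]


def gateway_is_on_link(iface, gateway):
    """A 'via' gateway must sit inside the interface's own subnet."""
    return gateway in iface.network


if __name__ == "__main__":
    print("eth2 broadcast:", ETH2.network.broadcast_address)
    print("ISDN gateway on-link:", gateway_is_on_link(ETH2, ISDN_GW))
    for prefix in ("208.0.0.0/8", f"{ORACLE_HOST}/32"):
        table = build_table(prefix)
        size = ipaddress.ip_network(prefix).num_addresses
        print(f"\nroute {prefix} covers {size} addresses")
        for dest in (ORACLE_HOST, OTHER_208_HOST, LAN_HOST):
            print(f"  {dest} -> {egress(table, dest)}")
```

With the /8 route every 208.* destination leaves through eth2, where the "net" zone and routefilter settings apply to it; with the host route only the one peer does, and everything else stays on the eth0 default.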