Hi

at 05.11.2010 02:11, wfdudley wrote:
> I'll stop being grumpy now.
>
> I was just dismayed that the docs for this are, um, more diffuse than my old
> LRP install.
>
> I'd suggest that the floppy is way past its time, and now it's time to
> make a LRP release that assumes real storage, like a 250Meg CF card, or
> other solid state "disk drive". Then you can have the docs, a real editor,
> even a real GUI if somebody gets ambitious and codes it up.

Please keep in mind there is the rest of us, living with running hardware that would require an update in that case :-)

> So: my REAL problem.
>
> My ISP (and my employer) gives me a block of 16 public IP addresses.
> xxx.xxx.xxx.16/28
> xxx.xxx.xxx.17 is the pipeline
> xxx.xxx.xxx.18 is the WAN port on the firewall
> The LAN port is 192.168.1.254, for laptops, Winders boxes, other stuff
> without fixed address
> The DMZ port is xxx.xxx.xxx.16/28. The current LRP/Dachstein uses Proxy Arp
> (not bridging, I was mistaken, the m0n0wall does bridged firewall) so that the
> servers on the DMZ have some ports visible to the outside world.

OK so I suggest to build it just the same, use Proxy ARP. I don't recall the Dachstein settings anymore though.

> The shorewall docs say "use the three port example -- unless you've got
> multiple IPs, in which case, never mind, you'll have to read all the docs".
> I'm paraphrasing, obviously. This is about when I threw up my hands.

It is not that bad, I guess you have a three port version of the Alix board. Just start by configuring your external and internal network. I have not looked up the three port example by Tom Eastep, but the way I remember, all his docs are extremely precise.

> Anyway, a concise set of example shorewall config files would be a big help.

You only need to touch about 5 files:

/etc/shorewall/policy
/etc/shorewall/interfaces
/etc/shorewall/zones
/etc/shorewall/rules
/etc/shorewall/proxyarp

Please refer to the examples at

http://www.shorewall.net/3.0/shorewall_setup_guide.htm#Options
http://www.shorewall.net/3.0/shorewall_setup_guide.htm#ProxyARP

This is probably what you want.

If you cannot find your way with this information then try to tell us where exactly you get stuck.

cheers
Erich
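
The five files named above, sketched for a three-interface Proxy ARP setup in Shorewall 3.0 syntax. This is an added example, not part of Erich's mail or of the Shorewall samples. Assumptions: eth0/eth1/eth2 are the WAN/LAN/DMZ interfaces, 192.0.2.16/28 stands in for the xxx.xxx.xxx.16/28 block, and the DMZ server at 192.0.2.19 with port 80 open is constructed.

```conf
# ---- /etc/shorewall/zones ----
#ZONE   TYPE        OPTIONS
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4

# ---- /etc/shorewall/interfaces ----
# eth0 = WAN (192.0.2.18), eth1 = LAN (192.168.1.254), eth2 = DMZ
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
dmz     eth2        detect

# ---- /etc/shorewall/proxyarp ----
# One line per DMZ host. The firewall answers ARP on eth0 for each
# address and, with HAVEROUTE = No, adds the host route via eth2.
#ADDRESS        INTERFACE   EXTERNAL    HAVEROUTE   PERSISTENT
192.0.2.19      eth2        eth0        No

# ---- /etc/shorewall/policy ----
# Default-deny: nothing reaches the DMZ from the Internet unless a
# line in the rules file allows it. First match wins, so the
# catch-all stays last.
#SOURCE     DEST    POLICY      LOG LEVEL
loc         net     ACCEPT
net         all     DROP        info
all         all     REJECT      info

# ---- /etc/shorewall/rules ----
# Expose only the ports each DMZ server needs, per public address.
#ACTION     SOURCE  DEST                PROTO   DEST PORT(S)
ACCEPT      net     dmz:192.0.2.19      tcp     80
ACCEPT      loc     dmz:192.0.2.19      tcp     80
# Administrative access to the DMZ server from the LAN only.
ACCEPT      loc     dmz:192.0.2.19      tcp     22
```

After editing, `shorewall check` validates the files before `shorewall restart` applies them. With this policy, outbound connections from the DMZ servers are rejected unless the rules file allows them explicitly.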
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/