Hello everybody

  I've got a problem getting shorewall to work correctly with my network 
setup. Firstly, the specific IP range I've been assigned by our ISP provider is 
10.41.20.9 to 10.41.23.254 with a netmask of 255.255.252.0.
  I've assigned my eth0 interface the IP address 10.41.20.100 and given it a 
default route of 10.41.20.1 (my gateway router to the internet). Now I want to 
create an internal class C subnet with no direct connection to the gateway. 
Thus I give the IP 10.41.22.200 to my eth1 interface. 

config_eth0=( "10.41.20.100 netmask 255.255.252.0 brd 10.41.23.255")
routes_eth0=( "default via 10.41.20.1")
dhcp_eth0="nodns"
config_eth1=("10.41.22.200 netmask 255.255.255.0 brd 10.41.22.255")
dhcp_eth1="nodns"

My policy is 

# LOCAL network to Internet allowed
#loc            net               ACCEPT

# fw to network access allowed
fw              net             ACCEPT

# local to fw allowed
loc             fw              ACCEPT

# fw to local allowed
fw              loc             ACCEPT

# network to all dropped
net             all             DROP            info

# The following policy must be   last
all             all             REJECT          info
#LAST LINE -- DO NOT REMOVE

since I do not want direct connection to the Internet from my eth1 interface, 
only via a proxy.

My rules are:

# MAIL port - POP 3
ACCEPT  loc     net     tcp     110

since I want pop 3 traffic to pass through. 

I also attach my shorewall dump file. 

I do not use NAT currently. The problem is that pop3 traffic does not pass from 
any computer on the Internal class C network 10.41.22.1 to 10.41.22.254. When I 
turn on NAT pop traffic passes through the firewall with no problem. 

Any idea what the problem might be?

  I would have attached my shorewall dump file but when I attach it I get 
rejected by the mailing list due to a max message size cap. I tried zipping it 
but now the system says that it cannot accept a zip file.

              