It seems I need to set a static route from my internal to the external
network. I used the 10.41.20.8/29 external subnet (eth0) and the 10.41.22.1/24
internal subnet (eth1).
The problem is that I have not the slightest idea on how to set a static
route. Can anyone help me out here?
Simon Hobson <[EMAIL PROTECTED]> wrote:
> I've got this problem getting shorewall to work correctly with my
>network setup. Firstly, I've been assigned a specific IP range by
>our ISP provider: 10.41.20.9 to 10.41.23.254 with a netmask of
>255.255.252.0
> I've assigned my eth0 interface to an IP address 10.41.20.100 and
>given it a default route of 10.41.20.1 (my gateway router to the
>internet). Now I want to create an internal class C subnet with no
>direct connection to the gateway. Thus I give the IP 10.41.22.200 to
>my eth1 interface.
>
>config_eth0=( "10.41.20.100 netmask 255.255.252.0 brd 10.41.23.255")
>routes_eth0=( "default via 10.41.20.1")
>dhcp_eth0="nodns"
>config_eth1=("10.41.22.200 netmask 255.255.255.0 brd 10.41.22.255")
>dhcp_eth1="nodns"
>I do not use NAT currently. The problem is that pop3 traffic does
>not pass from any computer on the Internal class C network
>10.41.22.1 to 10.41.22.254. When I turn on NAT pop traffic passes
>through the firewall with no problem.
>
>Any idea what the problem might be?
You have an invalid IP setup. Rule 1 of IP, all addresses are globally unique.
You have IP addresses on eth1 which are also on eth0 - i.e. not unique
and hence you have ambiguous routing. Also, the IP addresses you give
don't make sense!
You appear to have 10.41.20.0/22 which has addresses from 10.41.20.0
to 10.41.23.255 - so what's with the 10.41.20.9 as a starting point?
There are two ways I see of resolving the first issue:
1) Use a bridge configuration so the firewall is transparent to the
IP addresses in use, but be aware that a lot of useful functionality
stops working if you use a 2.6.20 or above Linux kernel.
2) Change the IP setup of your outside interface.
You could for example split your allocation and set your outside
interface as (say) 10.41.20.2/29 which is what I suspect your
provider intended. You can then use various combinations of address
blocks internally as long as they don't overlap. The full and minimal
set of subnets would be:
10.41.20.8/29
10.41.20.16/28
10.41.20.32/27
10.41.20.64/26
10.41.20.128/25
10.41.21.0/24
10.41.22.0/23
In either case you should check with your provider what the IP setup
is on their router - they will need to have the same subnet mask as
you, and may have to add static routes for the whole block going via
your firewall.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
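Added example, not part of the original thread: a Python check (standard-library ipaddress only) of the two points in the reply above, namely that the original eth0/eth1 settings put overlapping networks on both interfaces, and which blocks of 10.41.20.0/22 remain once the outside interface is set to 10.41.20.2/29. The function names are made up for this illustration.

```python
import ipaddress


def overlapping(interfaces):
    """Return sorted pairs of interface names whose connected networks overlap.

    interfaces maps a name to "address/prefix" or "address/netmask".
    """
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def remaining_subnets(allocation, outside):
    """Minimal list of blocks left in the allocation after removing the
    network that the outside interface address sits in."""
    alloc = ipaddress.ip_network(allocation)
    out = ipaddress.ip_interface(outside).network
    if not out.subnet_of(alloc):
        raise ValueError(f"{out} is not inside {alloc}")
    return sorted(alloc.address_exclude(out))


if __name__ == "__main__":
    # Settings quoted in the thread: eth1's /24 lies inside eth0's /22.
    original = {
        "eth0": "10.41.20.100/255.255.252.0",
        "eth1": "10.41.22.200/255.255.255.0",
    }
    print("overlaps, original setup:", overlapping(original))

    # Suggested split: outside interface on a /29, internal /24 untouched.
    split = {"eth0": "10.41.20.2/29", "eth1": "10.41.22.200/24"}
    print("overlaps, split setup:", overlapping(split))

    print("blocks left for internal use:")
    for net in remaining_subnets("10.41.20.0/22", "10.41.20.2/29"):
        print("  ", net)
```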