<[EMAIL PROTECTED]> wrote:

> It seems I need to set a static route from my internal to the external network. I used the 10.41.20.8/29 external subnet (eth0) and the 10.41.22.1/24 internal subnet (eth1).
> The problem is that I have not the slightest idea on how to set a static route. Can anyone help me out here?

I know this is going to sound terribly condescending, but your questions suggest that you do not (fully) understand the basics of IP networking. If you do not understand the basics, then I suggest that trying to understand and configure firewalls is a step too far. You need a good textbook in IP networking to start with!

There is quite a lot of information on Linux specifics at the Linux Net wiki (http://linux-net.osdl.org/index.php/Main_Page). In particular you will probably be wanting to use the "ip" and/or "route" commands.

Be aware however that Linux will automatically set routes for all attached interfaces, so it is not your firewall box that needs the static route. I rather suspect that the route is needed on your ISP's router so that it knows where to route packets for the various subnets (i.e. via your firewall). If every device connected to the internet through this connection is going to be behind your firewall, then it should be sufficient to set a route for 10.41.20.0/22 via <your firewall IP address>.

As an alternative to having your ISP configure routes on their router, it may be possible to deal with the problem via proxy-arp. I'm not sure on that as I have very rarely used proxy-arp and it's been a long time since I last had any dealings with it. In any case, getting the routes correct is a better way of doing it.

> I used the 10.41.20.8/29 external subnet (eth0)

Lastly, I think this conflicts with 10.41.20.1 being your gateway to the internet. 10.41.20.1 is not in the 10.41.20.8/29 subnet - again I return to the issue of understanding the basics of IP networking before attempting to configure firewalls.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
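
Added example, not part of the original message: a Python sketch that runs the two address checks raised in the reply (is the gateway on-link for any interface, and does the suggested 10.41.20.0/22 route cover both subnets) using the addresses from the thread. The function names and the `smallest_prefix_with` helper are assumptions made for illustration.

```python
import ipaddress

# Addresses taken from the thread; interface names as given by the poster.
INTERFACES = {
    "eth0": "10.41.20.8/29",   # external subnet
    "eth1": "10.41.22.1/24",   # internal subnet (written with host bits set)
}
GATEWAY = "10.41.20.1"         # gateway mentioned in the reply
SUMMARY = "10.41.20.0/22"      # route suggested for the ISP's router


def networks(interfaces):
    """Map interface name -> network, tolerating host bits in the prefix."""
    return {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in interfaces.items()}


def onlink_interface(interfaces, gateway):
    """Return the interface whose subnet contains the gateway, else None."""
    gw = ipaddress.ip_address(gateway)
    for name, net in networks(interfaces).items():
        if gw in net:
            return name
    return None


def uncovered(interfaces, summary):
    """Return interfaces whose subnet is NOT inside the summary route."""
    agg = ipaddress.ip_network(summary)
    return [name for name, net in networks(interfaces).items()
            if not net.subnet_of(agg)]


def smallest_prefix_with(cidr, address):
    """Widen cidr one bit at a time until it contains address."""
    net = ipaddress.ip_network(cidr, strict=False)
    addr = ipaddress.ip_address(address)
    while addr not in net:
        net = net.supernet()
    return net


if __name__ == "__main__":
    print("gateway on-link via:", onlink_interface(INTERFACES, GATEWAY))
    print("subnets outside summary:", uncovered(INTERFACES, SUMMARY))
    print("smallest enclosing prefix:",
          smallest_prefix_with(INTERFACES["eth0"], GATEWAY))
```

A result of `None` for the on-link check means no attached interface can reach the gateway directly, which is the conflict the reply points out for 10.41.20.8/29.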
