[EMAIL PROTECTED] wrote:
> I have a firewall box with four NIC cards, eth0 is connected to a
> fiber modem through which I connect to the ISP using pppoe and gets
> its static IP through dhcp, giving me ppp0, eth1 is my home network
> on 192.168.3/24, eth2 is my office network on 10.1.1/24, and eth3 is
> my dmz on 172.16.1/24
>
> I am running a dhcp server for the 192.168.3/24 and 10.1.1/24
> networks. I am running dansguardian/squid for the 192.168.3/24
> network and squid for the 10.1.1/24 network. Servers in the dmz have
> static IP addresses and are using proxyarp through shorewall. I also
> have a pptp vpn for outside access to the offic network.
>
> Here is my interfaces file:
>
> net    ppp0  -              norfc1918,blacklist
> home   eth1  192.168.3.255  dhcp
> offic  eth2  10.1.1.255     dhcp
> dmz    eth3  172.16.1.255
> offic  ppp+

In the 'boneheaded' category, here's one possibility:

You have 'net' defined as 'ppp0' and 'offic' defined to include 'ppp+'. Given that ppp0 is included in 'ppp+', the order of the zones in /etc/shorewall/zones is important in determining if the zones are disjoint or if net is a sub-zone of offic. You want 'net' first! Otherwise, your REDIRECT rule for offic will also redirect requests from the net.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
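
The overlap described in the reply can be checked mechanically. The following Python script is an added example, not part of the original thread or of Shorewall: it parses an interfaces file, finds specific interfaces that a `+` wildcard in another zone also matches, and reports whether the more specific zone is listed first. The function names and the zone orders passed in are assumptions; the interfaces text is constructed from the file quoted above.

```python
# Constructed sample input mirroring the interfaces file quoted in the thread.
INTERFACES = """\
net    ppp0  -              norfc1918,blacklist
home   eth1  192.168.3.255  dhcp
offic  eth2  10.1.1.255     dhcp
dmz    eth3  172.16.1.255
offic  ppp+
"""

def parse_interfaces(text):
    """Return [(zone, interface)] from Shorewall interfaces-file text."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2:
            entries.append((fields[0], fields[1]))
    return entries

def covers(pattern, name):
    """True if a wildcard such as 'ppp+' also matches the interface `name`."""
    return (pattern.endswith("+") and name != pattern
            and name.startswith(pattern[:-1]))

def find_shadowing(entries, zone_order):
    """List (iface, zone, wildcard, wildcard_zone, ok) for every overlap.

    `zone_order` is the order of zone names in /etc/shorewall/zones
    (hypothetical here, since the thread does not show that file).
    `ok` is True when the specific zone comes before the wildcard zone,
    which is the ordering the reply asks for ('net' first).
    """
    findings = []
    for wild_zone, pattern in entries:
        for zone, iface in entries:
            if zone != wild_zone and covers(pattern, iface):
                ok = zone_order.index(zone) < zone_order.index(wild_zone)
                findings.append((iface, zone, pattern, wild_zone, ok))
    return findings

if __name__ == "__main__":
    entries = parse_interfaces(INTERFACES)
    # Two constructed zone orders: the risky one and the recommended one.
    for order in (["offic", "net", "home", "dmz"], ["net", "home", "offic", "dmz"]):
        for iface, zone, pat, wzone, ok in find_shadowing(entries, order):
            state = "ok" if ok else "RISK: %s traffic may match %s" % (zone, wzone)
            print("%s: %s (%s) also matched by %s (%s): %s"
                  % (order, iface, zone, pat, wzone, state))
```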
