[EMAIL PROTECTED] wrote:
> On 9 Jan 2008 at 13:27, Tom Eastep wrote:
>
>> [EMAIL PROTECTED] wrote:
>>> On 9 Jan 2008 at 11:01, Tom Eastep wrote:
>>>
>>>> [EMAIL PROTECTED] wrote:
>>>>> I have a firewall box with four NIC cards, eth0 is connected to a
>>>>> fiber modem through which I connect to the ISP using pppoe and
>>>>> gets its static IP through dhcp, giving me ppp0, eth1 is my home
>>>>> network on 192.168.3/24, eth2 is my office network on 10.1.1/24,
>>>>> and eth3 is my dmz on 172.16.1/24
>>>>>
>>>>> I am running a dhcp server for the 192.168.3/24 and 10.1.1/24
>>>>> networks. I am running dansguardian/squid for the 192.168.3/24
>>>>> network and squid for the 10.1.1/24 network. servers in the dmz
>>>>> have static IP addresses and are using proxyarp through shorewall.
>>>>> I also have a pptp vpn for outside access to the offic network.
>>>>>
>>>>> Here is my interfaces file:
>>>>>
>>>>> net     ppp0    -               norfc1918,blacklist
>>>>> home    eth1    192.168.3.255   dhcp
>>>>> offic   eth2    10.1.1.255      dhcp
>>>>> dmz     eth3    172.16.1.255
>>>>> offic   ppp+
>>>> In the 'boneheaded' category, here's one possibility:
>>>>
>>>> You have 'net' defined as 'ppp0' and 'offic' defined to include
>>>> 'ppp+'. Given that ppp0 is included in 'ppp+', the order of the
>>>> zones in /etc/shorewall/zones is important in determining if the
>>>> zones are disjoint or if net is a sub-zone of offic. You want 'net'
>>>> first! Otherwise, your REDIRECT rule for offic will also redirect
>>>> requests from the net.
>>> Thanks, Tom. My zone file contents are:
>>>
>>> #ZONE   TYPE        OPTIONS     IN          OUT
>>> #                               OPTIONS     OPTIONS
>>> fw      firewall
>>> net     ipv4
>>> home    ipv4
>>> offic   ipv4
>>> dmz     ipv4
>>> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>> That looks ok -- so we'll need the information I requested in my other
>> post.
>>
>> -Tom
>
> I sent that in another post, but I got a message that it was being
> held for the moderator because it was too big.

Did you compress it?

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
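
The zone-order check described in the quoted reply, as an added example that is not part of the original thread or of Shorewall itself: it finds interfaces covered by another zone's trailing-'+' wildcard and reports whether the zone with the specific interface is declared first. The sample files are constructed from the ones quoted in the thread; the function names are hypothetical.

```python
"""Check Shorewall zone order against overlapping interface patterns."""

# Sample input constructed from the zones/interfaces files quoted in the thread.
ZONES = """\
#ZONE   TYPE
fw      firewall
net     ipv4
home    ipv4
offic   ipv4
dmz     ipv4
"""
INTERFACES = """\
net     ppp0    -               norfc1918,blacklist
home    eth1    192.168.3.255   dhcp
offic   eth2    10.1.1.255      dhcp
dmz     eth3    172.16.1.255
offic   ppp+
"""

def rows(text):
    """Split a Shorewall-style file into column lists, skipping comments."""
    return [line.split() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]

def covers(pattern, name):
    """True if a trailing-'+' wildcard such as 'ppp+' includes `name`."""
    return (pattern.endswith("+") and name != pattern
            and name.startswith(pattern[:-1]))

def check_order(zones_text, interfaces_text):
    """Return (specific_zone, wildcard_zone, ok) for each overlap.

    ok is True when the zone holding the specific interface is declared
    before the zone holding the wildcard, as the reply advises.
    """
    order = [r[0] for r in rows(zones_text)]
    ifaces = [(r[0], r[1]) for r in rows(interfaces_text)]
    findings = []
    for wild_zone, pattern in ifaces:
        for zone, name in ifaces:
            if zone != wild_zone and covers(pattern, name):
                ok = order.index(zone) < order.index(wild_zone)
                findings.append((zone, wild_zone, ok))
    return findings

if __name__ == "__main__":
    for zone, wild_zone, ok in check_order(ZONES, INTERFACES):
        verdict = "order ok" if ok else f"declare {zone} first"
        print(f"{zone} is covered by a wildcard in {wild_zone}: {verdict}")
```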
