On 9 Jan 2008 at 13:27, Tom Eastep wrote:

> [EMAIL PROTECTED] wrote:
> > On 9 Jan 2008 at 11:01, Tom Eastep wrote:
> >
> >> [EMAIL PROTECTED] wrote:
> >>> I have a firewall box with four NIC cards, eth0 is connected to a
> >>> fiber modem through which I connect to the ISP using pppoe and
> >>> gets its static IP through dhcp, giving me ppp0, eth1 is my home
> >>> network on 192.168.3/24, eth2 is my office network on 10.1.1/24,
> >>> and eth3 is my dmz on 172.16.1/24
> >>>
> >>> I am running a dhcp server for the 192.168.3/24 and 10.1.1/24
> >>> networks. I am running dansguardian/squid for the 192.168.3/24
> >>> network and squid for the 10.1.1/24 network. Servers in the dmz
> >>> have static IP addresses and are using proxyarp through shorewall.
> >>> I also have a pptp vpn for outside access to the offic network.
> >>>
> >>> Here is my interfaces file:
> >>>
> >>> net     ppp0    -               norfc1918,blacklist
> >>> home    eth1    192.168.3.255   dhcp
> >>> offic   eth2    10.1.1.255      dhcp
> >>> dmz     eth3    172.16.1.255
> >>> offic   ppp+
> >> In the 'boneheaded' category, here's one possibility:
> >>
> >> You have 'net' defined as 'ppp0' and 'offic' defined to include
> >> 'ppp+'. Given that ppp0 is included in 'ppp+', the order of the
> >> zones in /etc/shorewall/zones is important in determining if the
> >> zones are disjoint or if net is a sub-zone of offic. You want 'net'
> >> first! Otherwise, your REDIRECT rule for offic will also redirect
> >> requests from the net.
> >
> > Thanks, Tom. My zone file contents are:
> >
> > #ZONE   TYPE      OPTIONS   IN        OUT
> > #                           OPTIONS   OPTIONS
> > fw      firewall
> > net     ipv4
> > home    ipv4
> > offic   ipv4
> > dmz     ipv4
> > #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>
> That looks ok -- so we'll need the information I requested in my other
> post.
>
> -Tom

I sent that in another post, but I got a message that it was being held for the moderator because it was too big. Thanks.

--Richard

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
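
The zone-ordering point Tom raises in the quoted reply, as an added example that is not part of the original thread or of Shorewall itself: a small checker that finds a specific interface in one zone that is also matched by a `+` wildcard in another zone, and verifies that the specific zone is declared first. It generalizes the `ppp0` / `ppp+` case to any such pair; the function names are hypothetical and the file contents are the ones posted above.

```python
# Added example; data rows are from the thread, any other zone order is constructed.
INTERFACES = """\
net    ppp0  -              norfc1918,blacklist
home   eth1  192.168.3.255  dhcp
offic  eth2  10.1.1.255     dhcp
dmz    eth3  172.16.1.255
offic  ppp+
"""

ZONES = """\
fw     firewall
net    ipv4
home   ipv4
offic  ipv4
dmz    ipv4
"""

def parse_rows(text):
    """Return the whitespace-separated columns of each non-blank, non-comment line."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def matches(pattern, name):
    """A trailing '+' is a wildcard: 'ppp+' matches any name starting with 'ppp'."""
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name

def check_zone_order(zones_text, interfaces_text):
    """Return (specific_zone, iface, wildcard_zone, pattern, ok) for each overlap."""
    order = [row[0] for row in parse_rows(zones_text)]
    ifaces = [(row[0], row[1]) for row in parse_rows(interfaces_text)]
    findings = []
    for wz, pattern in ifaces:
        if not pattern.endswith("+"):
            continue
        for sz, name in ifaces:
            if sz != wz and not name.endswith("+") and matches(pattern, name):
                ok = order.index(sz) < order.index(wz)  # specific zone must come first
                findings.append((sz, name, wz, pattern, ok))
    return findings

if __name__ == "__main__":
    for sz, name, wz, pattern, ok in check_zone_order(ZONES, INTERFACES):
        print(f"{sz}:{name} overlaps {wz}:{pattern} -> {'ok' if ok else 'WRONG ORDER'}")
```

With the zones file as posted, the single overlap (`net:ppp0` inside `offic:ppp+`) is reported as correctly ordered, which agrees with Tom's "That looks ok".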
