On 13 Feb 2008 at 15:52, Tom Eastep wrote:

> Shawn Wright wrote:
> > Hello,
>
> Hello Shawn.
>
> Haven't heard from you in quite a while.

Hi Tom, yes, it's been a while. Shorewall works so well I haven't needed to check in much. :-)

> So let's see if I understand the problem.
>
> You want to:
>
> a) Forward UDP port 21068 to 10.2.251.10; and
> b) You want to masquerade 10.2.241.10 to the internet.

Yes.

> If that's correct, then we need to know:
>
> a) Does the Shorewall box have a route to 10.2.243.10 via the Cisco?

Yes.

> b) Is the Cisco doing any form of NAT on behalf of 10.2.251.10?

No.

> I assume that the firewall has a route via the Cisco for the 10.2.254.10/xx
> network?
>
> >
> > and this in masq:
> > eth1 $VLAN251 64.251.72.14
> >
> > I'm guessing this won't work.
>
> Without knowing what the contents of $VLAN251 are, we have no way of telling.

Sorry, $VLAN251 contains 10.2.251.0/24

> > Is there another way to achieve this without adding
> > another external IP to the firewall?
>
> If the Shorewall box has a route to 10.2.254.10 via the cisco and $VLAN251
> includes 10.2.254.10, and if 10.2.254.10 has a default route through the
> cisco and if the cisco has a default route through the Shorewall box then
> it should work with the rules that you have.

Great! I have since discovered something else is not working as it should, as I've duplicated a similar VLAN config, and am getting different results. I will sort that out before attempting to fix the shorewall issue, since it sounds like it should work as I need it to.

> I suggest that you read http://www.shorewall.net/Multiple_Zones.html since
> it covers your network topology.
>
> > shorewall version 2.2.0 (I know, it's old)
>
> Old! That ancient thing went out of support between Thanksgiving day and
> Christmas in 2005! Given that is the case, I don't know how much help we (or
> the current Shorewall documents) will be.

I was reading the 2.x docs, and they are still pretty good, but I hadn't seen the other one on multiple zones. I am planning to upgrade soon, I swear. I just have about 6 other servers that need to be done first...

Thanks for the help!

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]
