Hi,

I'm struggling to get a configuration for shorewall working.

The network is as follows:

Server 2003 Web Server with 2 interfaces
Eth0 connected to the internet directly with a real IP and firewalled by
a Cisco.
Eth1 with address 10.3.3.3/24 connected to eth1 on the Debian Lenny
Linux Shorewall Box

Server 2003 SQL Server with 2 interfaces
Eth0 connected to the LAN with IP address 192.168.1.8/24
Eth1 with IP 172.16.1.8/24 connected to eth2 on the Debian Lenny Linux
Shorewall Box

Debian Lenny Linux shorewall box with 3 interfaces
Eth0 with IP 192.168.1.14/24 connected to the LAN 
Eth1 with IP 10.3.3.2/24 connected to the Web server 
Eth2 with IP 172.16.1.2/24 connected to the SQL Server

The purpose being to isolate the Web Server in a DMZ, away from the SQL
Server and the LAN.

I would like to use NAT to hide the address of the SQL server from the
Web Server in the DMZ and allow port 1433 amongst others to connect from
the Web Server to the SQL Server.

My shorewall dump is attached and the configs are as follows:

======
masq:
eth1                    eth0            10.3.3.2
eth1                    eth2            10.3.3.2
======
======
policy:
fw              lan             ACCEPT          info
fw              dmz             ACCEPT          info
fw              sql             ACCEPT          info
lan             fw              ACCEPT
lan             dmz             DROP            info
lan             sql             DROP            info
dmz             all             DROP            info
sql             all             DROP            info
all             all             REJECT          info
======
======
rules:
SECTION NEW
DNAT            dmz             sql:172.16.1.8  tcp     1433    -       10.3.3.2
=====
=====
interfaces:
lan     eth0            detect
dmz     eth1            detect
sql     eth2            detect
=====
zones:
fw      firewall
lan     ipv4
dmz     ipv4
sql     ipv4
=====

Thanks

Attachment: status.tar.bz2
Description: status.tar.bz2

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
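
An added example, not part of the original post and not Shorewall's own code: a simplified Python model of how the policy and rules files quoted above decide a new connection. It assumes rules are consulted before policies, the first matching policy line wins, and the DNAT rule matches only traffic addressed to its ORIGINAL DEST (10.3.3.2); the function names are hypothetical.

```python
# Constructed from the policy and rules files quoted in the post.
POLICY = """\
fw   lan  ACCEPT  info
fw   dmz  ACCEPT  info
fw   sql  ACCEPT  info
lan  fw   ACCEPT
lan  dmz  DROP    info
lan  sql  DROP    info
dmz  all  DROP    info
sql  all  DROP    info
all  all  REJECT  info
"""
RULES = "DNAT dmz sql:172.16.1.8 tcp 1433 - 10.3.3.2\n"

def parse_policy(text):
    """Return [(source, dest, action)] in file order."""
    return [tuple(line.split()[:3]) for line in text.splitlines() if line.strip()]

def parse_dnat(text):
    """Return DNAT rules as dicts; only the columns used in the post are handled."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0] == "DNAT":
            zone, _, server = f[2].partition(":")
            rules.append({"src": f[1], "dst_zone": zone, "server": server,
                          "proto": f[3], "dport": int(f[4]), "origdest": f[6]})
    return rules

def verdict(src, dst_zone, dst_ip, proto, dport):
    """Verdict for a new connection: (action, destination zone, destination IP)."""
    # Rules are checked first; a DNAT rule matches on the original destination.
    for r in parse_dnat(RULES):
        if (src, dst_ip, proto, dport) == (r["src"], r["origdest"], r["proto"], r["dport"]):
            return ("ACCEPT", r["dst_zone"], r["server"])
    # Otherwise the first policy line that matches both zones decides.
    for p_src, p_dst, action in parse_policy(POLICY):
        if p_src in (src, "all") and p_dst in (dst_zone, "all"):
            return (action, dst_zone, dst_ip)
    raise ValueError("no policy matched")

if __name__ == "__main__":
    for flow in [("dmz", "fw", "10.3.3.2", "tcp", 1433),
                 ("dmz", "sql", "172.16.1.8", "tcp", 1433),
                 ("dmz", "lan", "192.168.1.8", "tcp", 1433),
                 ("lan", "sql", "172.16.1.8", "tcp", 1433)]:
        print(flow, "->", verdict(*flow))
```

In this model the only path from the dmz zone to the SQL Server is a connection to 10.3.3.2 on tcp/1433; a connection addressed directly to 172.16.1.8 falls through to the `dmz all DROP` policy.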
