[Shorewall-users] VLANs behind a router

Sat, 23 Oct 2010 19:18:32 -0700 

Hi.

Im very newbie with shorewall.

Basically i need permit direct access form all the network to some
Publics IP, because they publish some applications to cant be accessed
using a proxy (the ips are declared in the /etc/shorewall/masq file).

The problem is: we have all the VLANs behind a router (192.168.200.1),
but the VLANs are not accessing to the Public IPs.    I declare in the
interfaces file the option routeback to LAN zone, because the VLANs
connect to the proxy using that interface.

PROXY:/etc/shorewall# cat interfaces
VPN     tun0
LAN     eth1    -       routeback
WAN     eth0


PROXY:/etc/shorewall# cat masq
eth0:200.1.173.12       eth1
eth0:200.1.173.78       eth1
eth0:173.224.118.154    eth1
eth0:173.224.112.70     eth1
eth0:72.21.203.149      eth1
eth0:72.21.207.165      eth1
eth0:72.21.211.171      eth1
eth0:69.163.136.121     eth1
eth0:200.58.204.118     eth1
COMMENT station with total internet access.
eth0    192.168.10.4/32
eth0    192.168.10.19/32


PROXY:/etc/shorewall# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0    192.168.200.1   255.255.255.0   UG    0      0        0 eth1
192.168.5.0    192.168.200.1   255.255.255.0   UG    0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.3.0    192.168.200.1   255.255.255.0   UG    0      0        0 eth1
10.10.10.0      192.168.200.1   255.255.255.0   UG    0      0        0 eth1
192.168.200.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.4.0    192.168.200.1   255.255.255.0   UG    0      0        0 eth1
192.168.9.0    192.168.200.1   255.255.255.0   UG    0      0        0 eth1
0.0.0.0         192.168.100.254   0.0.0.0         UG    0      0        0 eth0

How can i permit the direct access to the public IPs declared in the masq file?

Thanks and regards.

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to