On Fri, 2011-03-25 at 08:57 -0700, Tom Eastep wrote:
> On 3/25/11 8:42 AM, James wrote:
> >
> > /etc/shorewall/masq:
> > eth4 br0 # masquerade the dmz out to the net
>
> You really should replace 'br0' with the corresponding subnet address.

Done, I put: 192.168.123.0/24

Thanks for pointing this out, I re-read the masq docs.

> > /etc/shorewall/interfaces:
> > net eth4 detect tcpflags,routefilter,nosmurfs,logmartians
> > dmz br0 detect bridge,optional
> >
> > Please could you point me in the right direction as to the correct
> > rules and/or policies I need to add. I was guessing perhaps 'routeback'
> > on the br0 in interfaces, is this right?
>
> Yes -- please see Shorewall FAQs 17 and 35. Also, which Shorewall
> version are you running? In the later versions, the *bridge* option
> should automatically imply *routeback* and your /etc/shorewall/masq
> entry elicits a WARNING.

Unfortunately, not the latest... Using the centos5 version which is 4.0.15... My bad!

Should I be mentioning the tap0 devices in shorewall at all?

Thanks!

James

>
> -Tom
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
