On 3/25/11 11:19 AM, James wrote:
> On Fri, 2011-03-25 at 08:57 -0700, Tom Eastep wrote:
>> On 3/25/11 8:42 AM, James wrote:
>>
>>> /etc/shorewall/masq:
>>> eth4 br0 # masquerade the dmz out to the net
>>
>> You really should replace 'br0' with the corresponding subnet address.
> Done, I put: 192.168.123.0/24
> Thanks for pointing this out, I re-read the masq docs.
>>
>>> /etc/shorewall/interfaces:
>>> net eth4 detect tcpflags,routefilter,nosmurfs,logmartians
>>> dmz br0 detect bridge,optional
>>
>>> Please could you point me in the right direction as to the correct
>>> rules and/or policies I need to add. I was guessing perhaps 'routeback'
>>> on the br0 in interfaces, is this right?
>>
>> Yes -- please see Shorewall FAQs 17 and 35. Also, which Shorewall
>> version are you running? In the later versions, the *bridge* option
>> should automatically imply *routeback* and your /etc/shorewall/masq
>> entry elicits a WARNING.
> Unfortunately, not the latest... Using the centos5 version which is
> 4.0.15... My bad!
>

Simon Matter maintains current versions for Fedora/Redhat/CentOS. See the Shorewall download page.

> Should I be mentioning the tap0 devices in shorewall at all?

No.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
