OK, thank you, but I'm not sure that it'll work for this situation, will it? I
already have three interfaces in the machine because there are two LANs on
separate subnets, and some of the servers cannot be located on the DMZ with a
public address because they are domain controllers. Is there a way I can keep
the current LAN setups, since some of them are also on Xen machines running on
the LAN?
--- On Thu, 9/8/11, Tom Eastep <[email protected]> wrote:
From: Tom Eastep <[email protected]>
Subject: Re: [Shorewall-users] cidr route
To: "Shorewall Users" <[email protected]>
Date: Thursday, September 8, 2011, 2:33 PM
On Thu, 2011-09-08 at 22:16 +0100, Simon Hobson wrote:
> Ryan Ferguson wrote:
> >I'm trying to set up CIDR routing on Shorewall and don't understand
> >the proper way to do this. We changed ISPs to cox.net and now they
> >have given us a public IP and a public CIDR block of IPs on a
> >separate subnet than our public IP is on. How do I set this up
> >properly in the config files?
>
> Lucky you - that allocation of IPs gives you so much flexibility.
>
> Traditionally you'd use three interfaces - one outside, one 'dmz',
> one inside. Your outside interface will obviously have to match the
> single public IP etc. Then you use the additional IP block on the
> dmz, and private (RFC1918) addresses on the internal LAN. It's great
> for servers because they can be on public IPs (i.e. no NAT) but still
> have a firewall between them and the outside world.
>
> With that setup, you define your three interfaces, NAT your inside
> interface to the outside (using the shared public IP), and set your
> policies and rules.
>
I agree with Simon. The configuration that he recommends is so much
cleaner than what you currently have; and it will work.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users