On 01/12/2012 02:07 PM, Stephane Bouvard wrote:
> Hello,
>
> I suppose that you mean
>
> 1.1.1.2 eth0 10.1.1.2 yes -
> 1.1.1.3 eth0 10.1.1.3 yes -
>
> ?

Yes.

> According to FAQ 2a, with these settings I should also set a masq
> (eth1 eth1 1.1.1.1) to allow servers to use the public IP to connect
> to each other, meaning that all loc->loc traffic appears to originate on
> the firewall, from the 1.1.1.1 IP, and not from the public IP of the
> real originating server... It's precisely what I would like to avoid
> and the reason why I've set two explicit NAT rules...
>
> It's also confirmed by the http://www.shorewall.net/NAT.htm page:
> Specifying “Yes” in this column will not by itself allow systems on
> the lower LAN to access each other using their public IP addresses.

You are correct. I'll add your method to the FAQ; thanks for the tip.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________
