Nicolas Riendeau wrote:
>My connection to the Internet is done using an ADSL connection (using
>PPPoE) and I have a static IP.
>
>My ISP also routes to this address a subnet (in a different address range).
>
>I want to be able to assign the subnet IP addresses to servers in my DMZ
>or on my internal network (mostly for outbound traffic in that case).
>
>My normal Internet traffic from my PCs should all appear to come from
>the same IP (and preferably one in my subnet, not my static IP address).

First off, do you NEED some of your servers on public IPs to be in your internal network instead of the DMZ? If you do, can these be dual homed?

Probably the easiest setup would be to have your DMZ using the public subnet, and then route between WAN and DMZ (no NAT involved). Obviously your firewall will use up one of your public addresses.

For any devices you need to have present on the internal network, dual home them, i.e. add a second NIC and connect that to your internal network.

When you configure NAT, you can specify which public address is used to substitute for your internal IPs. The default (IIRC) would be to use the primary IP of the interface specified, but it can (I think) be any IP on the machine.

>I also have another question... Apart from LEAF, are there any other
>Linux distributions that bundle Shorewall (and other tools that might be
>useful on a firewall)? Is the only other choice to use a full distro and
>remove everything that's not useful/dangerous to have on a firewall?

I use Debian for most of my machines. It's easy to install a fairly bare machine - if you make sure all the common software collections are unselected during a basic install, you get very little (even leaving out SSH!).

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.
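
The layout suggested in the reply above, sketched as Shorewall configuration files. This is an added illustration, not part of the original message or of the Shorewall project's own examples. The interface names (ppp0, eth1, eth2), the routed subnet 198.51.100.0/29, the internal network 192.168.1.0/24 and the server address are assumptions chosen for the sketch, and it uses the masq file format for source NAT.

```conf
# --- /etc/shorewall/zones ---
#ZONE   TYPE
fw      firewall
net     ipv4
dmz     ipv4
loc     ipv4

# --- /etc/shorewall/interfaces ---
# ppp0 = PPPoE link carrying the ISP-assigned static IP (assumed name)
# eth1 = DMZ, numbered from the routed public subnet; the firewall itself
#        holds 198.51.100.1 here, which uses up one public address
# eth2 = internal network on private addresses
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     ppp0        -
dmz     eth1        -
loc     eth2        -

# --- /etc/shorewall/masq ---
# Only the internal network is translated. The ADDRESS column pins the
# source address to one from the routed subnet instead of the primary
# address of ppp0 (the static IP). DMZ hosts are absent from this file:
# they are routed, so they keep their own public addresses.
#INTERFACE   SOURCE            ADDRESS
ppp0         192.168.1.0/24    198.51.100.1

# --- /etc/shorewall/policy ---
# Default-deny from the Internet and from the DMZ towards the internal
# network; anything not matched above falls through to REJECT.
#SOURCE  DEST   POLICY   LOG LEVEL
loc      net    ACCEPT
dmz      net    ACCEPT
net      all    DROP     info
all      all    REJECT   info

# --- /etc/shorewall/rules ---
# Inbound service on a routed DMZ host: a plain ACCEPT, no DNAT needed,
# because the destination address is the server's real address.
#ACTION  SOURCE  DEST                 PROTO  DEST PORT(S)
ACCEPT   net     dmz:198.51.100.3     tcp    80,443
```

A dual-homed server in this sketch would carry a public address on its DMZ NIC and a 192.168.1.0/24 address on a second NIC; since such a host bridges the two zones outside the firewall's control, IP forwarding should stay disabled on it.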
