I've set up a DHCP-connected Linux box. It runs Shorewall.

                      [net]
                        |
      ------------------------
      EXT: DHCP Client
      Uverse/ATT modem (bridge mode)
      INT: DHCP Server & WebServer @ http://192.168.1.254
      ------------------------
                        |
                        |
      ------------------------
      EXT: DHCP Client -> IP == 1.2.3.4
      Linux Router/Firewall (shorewall)
      INT: 192.168.1.100
      ------------------------
                        |
        |-------------------------------|
    -------------------          -------------------
    EXT: 192.168.1.10            EXT: 192.168.1.20
    Linux Laptop                 Linux MailServer (temp)
    -------------------          -------------------

Shorewall's config'd to allow in-/out-bound traffic between the LAN and the 'net. It works as intended -- Laptop & MailServer are both net-functional.

What I haven't managed to do is access the modem's WebServer @ http://192.168.1.254 from the LAN. If the Laptop's directly connected to the Modem, without the Shorewall instance in between, no problem.

I need to punch a hole with Shorewall to allow only LAN access to the modem's WebServer on the 192.168.1.0/24 segment, and no further.

How do I properly allow that traffic, on a 'private' address segment, in/out the SW external address? Do I need to also assign a 192.168.1.X addr to the SW ext intfc?

To date, I've typically config'd with private addresses NEVER being routed on the SW external interface. Not sure if it's either possible or recommended.
