On 5/26/2015 1:05 PM, PGNd wrote: > I've setup a DHCP connected linux box. It runs Shorewall. > > [net] > | > ------------------------ > EXT: DHCP Client > Uverse/ATT modem (bridge mode) > INT: DHCP Server & WebServer @ http://192.168.1.254 > ------------------------ > | > | > ------------------------ > EXT: DHCP Client -> IP == 1.2.3.4 > Linux Router/Firewall (shorewall) > INT: 192.168.1.100 > ------------------------ > | > |-------------------------------| > ------------------- ------------------- > EXT: 192.168.1.10 EXT: 192.168.1.20 > Linux Laptop Linux MailServer (temp) > ------------------- ------------------- > > Shorewall's config'd to allow in-/out-bound traffic between the LAN and the > 'net. It works as intended -- Laptop & MailServer are both net-functional. > > What I haven't managed to do, is access the modem's WebServer @ > http://192.168.1.254 from the LAN. If the Laptop's directly connected to the > Modem, without the Shorewall instance in between, no problem. > > I need to punch a hole with Shorewall to allow only LAN access to the modem's > WebServer on the 192.168.1.0/24 segment, and no further. > > How do I properly allow that traffic, on a 'private' address segment, in/out > the SW external address? Do I need to also assign a 192.168.1.X addr too the > SW ext intfc? > > To date, I've typically config'd with private addresses NEVER being routed on > the SW external interface. Not sure if it's either possible or recommended. > all-users You have an unworkable IP configuration -- the Uverse/ATT modem's internal IP address is in the same network as your local systems.
-Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
