From: Tom E. <te...@sh...> - 2001-11-30 00:59:07
On Thursday 29 November 2001 04:16 pm, Joshua Penix wrote:
> Here's my setup:
>
> eth0 = local network, 192.168.1.0/24, shorewall interface 192.168.1.254
> eth1 = DMZ, 192.168.2.0/24, shorewall interface 192.168.2.254
> eth3 = connection to internet, shorewall interface 63.x.x.x
>
>
> /etc/shorewall/masq:
> #INTERFACE    SUBNET
> eth3          eth0
> eth3          eth1
>
>
> The above has worked well for quite a while now, but upon reviewing the
> logs of my webserver sitting on the DMZ (192.168.2.80), I noticed that all
> connections from inside my 192.168.1.x network were being logged as coming
> from 192.168.2.254. This indicates to me that my firewall box is
> masquerading traffic to the DMZ instead of routing it.
>
> How can I tell Shorewall that I want eth0 -> eth1 traffic simply routed
> instead of masq'd?
>

What does "shorewall show nat" show? With the two entries you have in
/etc/shorewall/masq, local->dmz connections should not be masqueraded.

-Tom
--
Tom Eastep    \ te...@sh...
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \_________________________

All system changes are trivial so long as they are to be done by someone else.