transparent router using Shorewall?


Guest dsant

I would like to use my MDV 2007 as a transparent router/firewall.

Until now I did:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

How can I do the same with Shorewall? Which Shorewall file to edit?
Or using graphic tools?

Note that I want all the ports, not only http as with squid.

192.168.1.2 <-----> 192.168.1.1 eth1 / 82.67.x.x eth0 <-----> outside world Free ADSL

Link to comment
Share on other sites

I remember I had those iptables rules when I used a modem. It was ppp0 and eth0, but the solution is the same, I guess...


in shorewall.conf:

#
# ENABLE IP FORWARDING
#
# If you say "On" or "on" here, IPV4 Packet Forwarding is enabled. If you
# say "Off" or "off", packet forwarding will be disabled. You would only want
# to disable packet forwarding if you are installing Shorewall on a
# standalone system or if you want all traffic through the Shorewall system
# to be handled by proxies.
#
# If you set this variable to "Keep" or "keep", Shorewall will neither
# enable nor disable packet forwarding.
#
IP_FORWARDING=On

in /etc/shorewall/masq:

Example 1:
#
# You have a simple masquerading setup where eth0 connects to
# a DSL or cable modem and eth1 connects to your local network
# with subnet 192.168.0.0/24.
#
# Your entry in the file can be either:
#
# eth0 eth1
#
# or
#
# eth0 192.168.0.0/24

so:

#INTERFACE SUBNET ADDRESS PROTO PORT(S)
eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

in /etc/shorewall/interfaces:

##############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect
loc eth1 detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


Just set it up using the wizard and afterwards change these things. Then do a "shorewall restart" as root. I think it should work like this, unless I forgot something.

Link to comment
Share on other sites
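
Added example (not part of either post, and not Shorewall's own code): the three iptables commands in the question add a MASQUERADE rule and a LAN-to-internet ACCEPT rule but never touch the FORWARD chain's default policy, so this script audits `iptables-save` text for those two rules plus a default-deny policy and a stateful reply rule. The interface roles come from the thread; the two rulesets, the `check` and `audit_ruleset` names, and the assumption that the chains started with ACCEPT policies are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the thread. eth0 = internet side, eth1 = LAN side,
# as in the question. Both rulesets are constructed, trimmed iptables-save samples.
WAN=eth0
LAN=eth1

# Assumed result of the question's three commands on a host whose chains
# still have the default ACCEPT policy.
RAW_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

# Same routing, but forwarding is default-deny and replies are admitted by
# connection state (hand-written for illustration).
STRICT_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

# check LABEL REGEX: "OK LABEL" if a line of $rules matches, else "FAIL LABEL".
check() {
    if printf '%s\n' "$rules" | grep -Eq -e "$2"; then
        echo "OK $1"
    else
        echo "FAIL $1"
    fi
}

# audit_ruleset: read iptables-save text on stdin, print one finding per line.
audit_ruleset() {
    rules=$(cat)
    check masquerade-out-wan   "^-A POSTROUTING .*-o $WAN .*-j MASQUERADE"
    check lan-to-wan-forward   "^-A FORWARD .*-i $LAN .*-o $WAN .*-j ACCEPT"
    check forward-default-drop "^:FORWARD DROP "
    check stateful-replies     "^-A FORWARD .*ESTABLISHED.* -j ACCEPT"
}

echo "== rules from the question =="; printf '%s\n' "$RAW_RULES" | audit_ruleset
echo "== default-deny variant ==";    printf '%s\n' "$STRICT_RULES" | audit_ruleset
```

On a live router, pipe `iptables-save` (run as root) into `audit_ruleset` instead of the samples. The patterns only recognise rules written directly in FORWARD and POSTROUTING, so a ruleset that jumps to sub-chains needs its own patterns.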
