Guest dsant
Posted February 9, 2007

I would like to use my MDV 2007 as a transparent router/firewall. Until now I did:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

How can I do the same with Shorewall? Which Shorewall file to edit? Or using graphic tools? Note that I want all the ports, not only http as with squid.

192.168.1.2 <-----> 192.168.1.1 eth1 / 82.67.x.x eth0 <-----> outside world (Free ADSL)
wingcom
Posted February 13, 2007

I remember I had those iptables rules when I used a modem. It was ppp0 and eth0 but the solution is the same I guess...

In shorewall.conf:

#
# ENABLE IP FORWARDING
#
# If you say "On" or "on" here, IPV4 Packet Forwarding is enabled. If you
# say "Off" or "off", packet forwarding will be disabled. You would only want
# to disable packet forwarding if you are installing Shorewall on a
# standalone system or if you want all traffic through the Shorewall system
# to be handled by proxies.
#
# If you set this variable to "Keep" or "keep", Shorewall will neither
# enable nor disable packet forwarding.
#
IP_FORWARDING=On

In /etc/shorewall/masq:

Example 1:
#
# You have a simple masquerading setup where eth0 connects to
# a DSL or cable modem and eth1 connects to your local network
# with subnet 192.168.0.0/24.
#
# Your entry in the file can be either:
#
# eth0 eth1
#
# or
#
# eth0 192.168.0.0/24

so:

#INTERFACE  SUBNET  ADDRESS  PROTO  PORT(S)
eth0        eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

In /etc/shorewall/interfaces:

##############################################################################
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect
loc    eth1       detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Just set it up using the wizard and afterwards change these things, then do a "shorewall restart" as root. I think it should work like this unless I forgot something.
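A consolidated version of the files from the reply above, with a policy file added so that forwarding from the net side is dropped by default, written as an example for this thread rather than taken from either post. It assumes the Shorewall 3.x file formats and the 192.168.1.0/24 LAN from the question, and writes into a directory of your choice so the result can be reviewed before it goes to /etc/shorewall.

```shell
# Added example (not from either poster): writes the Shorewall 3.x files for
# the router in this thread (eth0 = net, eth1 = loc, LAN 192.168.1.0/24) into
# the directory given as $1. The policy file is an addition: it keeps loc->net
# forwarding but drops everything arriving from the net zone by default.
set -eu

write_shorewall_config() {
    dir="$1"
    mkdir -p "$dir"
    # zones: Shorewall 3.x format (assumed to match the MDV 2007 package)
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF

    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
EOF

    # same effect as: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    cat > "$dir/masq" <<'EOF'
#INTERFACE  SUBNET          ADDRESS
eth0        192.168.1.0/24
EOF

    # loc->net ACCEPT replaces: iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
fw      all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF
}

# Sanity check before "shorewall restart": every interface used in masq must
# be declared in interfaces, and policy must end with a catch-all REJECT.
check_shorewall_config() {
    dir="$1"
    for iface in $(awk '!/^#/ && NF { print $1 }' "$dir/masq"); do
        grep -Eq "^[a-z]+[[:space:]]+$iface([[:space:]]|$)" "$dir/interfaces" || return 1
    done
    grep -Eq '^all[[:space:]]+all[[:space:]]+REJECT' "$dir/policy"
}
```

Run `write_shorewall_config /tmp/shorewall-review && check_shorewall_config /tmp/shorewall-review` and compare the result with what the wizard generated before copying anything over.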