Re: shorewall, forwarding net connection

To: debian-user@lists.debian.org
Subject: Re: shorewall, forwarding net connection
From: andreimpopescu@gmail.com (Andrei Popescu)
Date: Sat, 21 Oct 2006 22:25:29 +0300
Message-id: <[🔎] 20061021192529.GB4436@omnibook>
In-reply-to: <[🔎] 871wp4t66p.fsf@poczta.po.opole.pl>
References: <[🔎] 871wp4t66p.fsf@poczta.po.opole.pl>

On Thu, Oct 19, 2006 at 10:13:34PM +0200, Seweryn Kokot wrote:
> Inspired by last posts about iptables/firewall I would like to convert from
> /etc/init.d/firewall rules to shorewall. I have an external internet
> connection (ppp0, dynamic ip) and want to forward that net connection
> by eth0 (192.168.0.1) to another computer. Here are the rules 
> in /etc/init.d/firewall:
> -----
> iptables -F
> iptables -t nat -F
> iptables -t mangle -F
> iptables -t filter -F 
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> ifconfig ppp0 mtu 1400 
> ----
> How to represent it in shorewall?
> Thanks in advance,
> Seweryn

It depends wheather you are using sarge or etch, because the configuration
has changed a bit.

For etch (Shorewall 3.0.7) I have writen this:

    http://newbiedoc.berlios.de/wiki/Firewall
    
It covers a basic firewall with masquerading. Also the configs of shorewall
contain very elaborate explanations.

HTH,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

Reply to:

References:
- shorewall, forwarding net connection
  - From: Seweryn Kokot <skokot@po.opole.pl>

Prev by Date: Re: Monitor Question: 20" Wide
Next by Date: Fim Scanner Device - Scsi - Minolta Dimage Dual Scan
Previous by thread: Re: shorewall, forwarding net connection
Next by thread: Hal error when starting dbus
Index(es):
- Date
- Thread