Re: [fw-wiz] Iptables /Router

• Previous message: Devdas Bhagat: "Re: [fw-wiz] Re: Book of rants"
• In reply to: Marek Pawinski: "[fw-wiz] Iptables /Router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Firewall Wizards Mailing List <firewall-wizards@honor.icsalabs.com>, Marek Pawinski <pawinski@webstorm.co.za>
Date: Sun, 12 Dec 2004 14:50:58 -0500 (EST)

On Sun, 12 Dec 2004, Marek Pawinski wrote:

> I previously had a network with one Mandrake box A as a internet gateway
> (ISDN) using internet connection sharing to some desktops B.

Cool.

> I now have a ADSL modem/router connected to the Mandrake box A and the
> router does the NAT and packet filtering.

Does it have to? Unless you're worried about someone attacking the
Mandrake box then you'll probably find your life easier with only one NAT
box in the chain.

> I now notice that the internet connection seems to bypass box A and does
> not go through shorewall at all.

I think this is confusion.

> grc.com shows that my IP is that of the router been scanned.

Sure. That the real routable IP. Unless you've run an Ethernet cable
from your LAN directly into the router, each stage will do NAT seperately.

> So my question is how can i set this up so shorewall on box A as well as
> the router protect the network ?

As long as your LAN is plugged into the shorewall and the router is
plugged into the shorewall and the LAN and router aren't plugged into each
other directly you're in good shape.

-- 
</chris>
"Fans of Mozilla's free, open-source Firefox browser make the
ardent Apple faithful look like a bunch of slackers."
- Rebecca Lieb at clickz.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Devdas Bhagat: "Re: [fw-wiz] Re: Book of rants"
• In reply to: Marek Pawinski: "[fw-wiz] Iptables /Router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]