From 8f0c9cb9a3e711541297d61bca2312a61413c5df Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 2 Mar 2005 00:49:14 +0000
Subject: [PATCH] More FAQ updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1975 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-docs2/FAQ.xml | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/Shorewall-docs2/FAQ.xml b/Shorewall-docs2/FAQ.xml
index 53caeb45d..c93d4bd96 100644
--- a/Shorewall-docs2/FAQ.xml
+++ b/Shorewall-docs2/FAQ.xml
@@ -1784,7 +1784,8 @@ TOS=0x00 PREC=0x00 TTL=64 ID=26774 DF PROTO=TCP SPT=32797 DPT=80 WINDOW=5840 RES
- Add a zone for the modem in /etc/shorewall/zones:
+ Add a zone for the modem in
+ /etc/shorewall/zones:
 #ZONE DISPLAY COMMENTS
 modem ADSLModem Zone for modem
@@ -1793,7 +1794,8 @@ modem ADSLModem Zone for modem
 Define the zone to be associated with eth0 (or whatever interface connects
- to your modem) in /etc/shorewall/interfaces:
+ to your modem) in
+ /etc/shorewall/interfaces:
 #ZONE INTERFACE BROADCAST OPTIONS
 modem eth0 detect
@@ -1801,13 +1803,30 @@ modem eth0 detect
 Allow web traffic to the modem in
- /etc/shorewall/rules:
+ /etc/shorewall/rules:
 #ACTION SOURCE DEST PROTO DEST PORT(S)
 ACCEPT fw modem tcp 80
 ACCEPT loc modem tcp 80
+
+ Note that many of these ADSL/Cable Modems have no default
+ gateway or their default gateway is at a fixed IP address that is
+ different from the IP address you have assigned to your external
+ interface. In either case, you may have problems browsing the modem
+ from your local network even if you have the correct routes
+ established on your firewall. This is usually solved by masquerading
+ traffic from your local network to the modem.
+
+ /etc/shorewall/masq:
+
+ #INTERFACE SUBNET ADDRESS
+eth0 eth1 # eth1 = interface to local network
+
+ For an example of this when the ADSL/Cable modem is bridged, see
+ my configuration. In that case, I
+ masquerade using the IP address of my local interface!