| View previous topic :: View next topic |
| Author |
Message |
simvin76
Tux's lil' helper
Joined: 05 Oct 2005
Posts: 96
|
 Posted: Thu May 25, 2006 10:45 pm Post subject: Shorewall firewall: How to connect to external IP? |
 |
|
Hello
Short version:
How do I connect to my firewalls (FW) external IP from inside?
Long version:
My apartment has two static IP uplinks, I have connected my Gentoo FW to one, and a WLAN router to the other (they are in separate rooms). The Gentoo box runs Shorewall as firewall script, mail, web, dns and samba. "After" the Gentoo box I have connected my printer, workstations and dev box. My girlfriend has a laptop that usually connects with the WLAN router, but when she sits at her desk, the laptop is connected to the Gentoo box.
I had to install two separate printer drivers on the laptop, one "Cable-in-apartment" that prints to 192.168.10.19 and one that's prints to the external IP of the Gentoo box (DNAT).
| Code: | #ACTION SOURCE DEST PROTO DEST
# Jetdirect
DNAT net loc:192.168.10.19 tcp 9100 |
Two questions:- How should I configure Shorewall so I can use the same printer driver regardless if I am connected with the WLAN or if I am connected through the FW?
- Almost the same thing. I want to connect to the samba server with the same shortcut in Windows, but now, depending on how I am connected I have to map either to 192.168.10.1 or to the external IP.
I have searched both the forum and Shorewall's homepage but have only found that you can't connect to the external IP of the firewall.
Take care
/Simon |
|
| Back to top |
|
 |
skion
Tux's lil' helper
Joined: 18 Aug 2003
Posts: 99
Location: Amsterdam, Netherlands
|
| Posted: Sat May 27, 2006 3:23 pm Post subject: |
|
|
I would suggest to either
- Create a VPN over the internet between the FW and WLAN router
- Create a VPN from the laptop to the FW which can either be direct or over the internet through the WLAN router
- Just link the two with an extra cable?
Your solution seems a bit insecure to me...
PS. Maybe the WLAN router supports IPSEC, otherwise openvpn is great...
_________________
- Skion |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Sat May 27, 2006 5:37 pm Post subject: |
|
|
Do you need two Internet connections? sounds like a waste of money to me. I would use the WLAN router as an Access Point on your network and do away with your girlfriends Internet connection.
Failing that connect the two networks together with a cable and route between them or VPN, both are discussed above. |
|
| Back to top |
|
|
simvin76
Tux's lil' helper
Joined: 05 Oct 2005
Posts: 96
|
| Posted: Thu Jun 01, 2006 10:26 pm Post subject: |
|
|
The university supply all students on campus with free 10/100 Mbit connection, and in the larger apartments there are two outlets. Since the connections are free, money isn't an issue.
VPN is probably the safest way, but my girlfriend just want to press start and expects everything to just work.
I will look in to setting up a VPN though.
Thank you.
/Simon |
|
| Back to top |
|
|
|
Networking & Security
