Is it possible to use Nethserver in routed mode? I would like all clients in the internal networks (green) to reach the red networks without being NATed.
I have in mind a situation where there are other untrusted (but internal) networks between internet and green zone. In these networks, the clients of the green zone must be recognizable by their IP.
Is something like this enough?
/sbin/sysctl -w net.ipv4.ip_forward=1
Maybe you need a guest network zone?
See http://docs.nethserver.org/en/latest/base_system.html#network
I have a setup where a single Nethserver with a single ADSL line is shared by two companies. I configured the LAN of company 1 as the green zone and company 2 as blue. Then I used firewall rules to open the required services from blue to the LAN (mainly access to the mail server).
Network traffic is NATed only when leaving the red zone.
I understand what you are saying, but I need to route all internet traffic of the “green” clients to a router in this network (blue as you suggest). I don’t think that this is possible within the Nethserver interface.
Ok. It works. Thanks.
So, in simple words, we just have to create an empty /etc/e-smith/templates-custom/etc/shorewall/masq/20red file and disable transparent proxy.
I have to say that I am impressed with the firewall, which worked in routed mode without any other change.