Shorewall

From: Kees de Koster (root_at_dragonhill.xs4all.nl)
Date: 06/28/05

Next message: style: "Windows DNS with Linux DHCP"
Previous message: Dan: "Re: Windows network with a Linux server"
Next in thread: Bill Marcum: "Re: Shorewall"
Reply: Bill Marcum: "Re: Shorewall"
Reply: gg-csf_at_dmztest.vsr.ambisys.net: "Re: Shorewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 28 Jun 2005 11:58:17 +0200

Hello,

I can't figure it out how to accomplish the following, I have a LAN
existing out a XP box, Debian Linux PC and a server. They all are
connected through a ethernet switch and that one is connected to a
Speedtouch ADSL/Router.

On the Debian PC is Shorewall running, I have only eth0 connected, what
I can't figure out is how I can define the traffic to the Internet and
the LAN, if that traffic should go through different interfaces it is
easy but through the same interface I can't find. I did try add a zone
Loc also on eth0 but that Shorewal doesn't accept.

Below the config files as they are now;

/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect blacklist,routefilter,tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

/etc/shorewall/zones
#ZONE DISPLAY COMMENTS
net Net Internet
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

/etc/shorewall/policy
#SOURCE DEST POLICY LOG LEVEL
LIMIT:BURST
fw net ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

TIA

Kees

-- 
Your boss climbed the corporate ladder, wrong by wrong.
Linux Registered User #300181  |  ICQ #179658498
See me at http://dragonhill.xs4all.nl  -- # EOE

Next message: style: "Windows DNS with Linux DHCP"
Previous message: Dan: "Re: Windows network with a Linux server"
Next in thread: Bill Marcum: "Re: Shorewall"
Reply: Bill Marcum: "Re: Shorewall"
Reply: gg-csf_at_dmztest.vsr.ambisys.net: "Re: Shorewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: Help on Cisco ASA 5510 VPN IPsec
... Inbound TCP connection denied from 10.100.7.245/22 to 10.100.5.10/1953 flags SYN ACK on interface lan ... mtu wan 1500 ...
(comp.dcom.sys.cisco)
Re: Routing with multiple IPs
... and requires the fewest changes/redesigns as the LAN side ... provide a physical path for LAN hosts. ... So one interface will connect to the ISP router -- it's the interface ... additional point of control and defense. ...
(comp.os.linux.networking)
[Full-disclosure] Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp
... frominternal lan. ... The interface to configure these modems are made extremily poor by the ... interface and telnet/ftp/tftp services from internal network. ... IP packet to router specific ip 192.168.1.1. ...
(Full-Disclosure)
Problem with IPFilter/IPNAT
... I am using IPFilter and IPNat on several FreeBSD boxes. ... The LAN machines use the FreeBSD as the ... I run cache-only config. ... rl1 is external interface. ...
(freebsd-questions)
Multiple NIC OS/2 PEERLAN help please
... For the first time I'm contemplating a workstation on a substantial size OS2 PEERLAN local network which I wish to connect to the Internet individually but not to introduce IP interface to the whole LAN. ... It works beautifully now by swapping the TCP/IP LOCAL setup between LAN0 as either a DHCP connection when connected physically to the supplied ADSL modem, ...
(comp.os.os2.networking.misc)