On Tuesday, September 18, 2012 05:59:47 PM lee wrote:
> Neal Murphy <neal.p.mur...@alum.wpi.edu> writes:
> > So yes, if you want 'real' networking, you'll need bridges and taps.
>
> Thank you, I'll have to look into taps then.
>
> Do you think it's a good idea to just create a bridge device with the
> unused eth0 for this? I could leave eth1 as is and would basically only
> have to add a zone and appropriate policy and rules in the shorewall
> configuration.

If that is the only firewall method you have then yes, enable forwarding, add the bridge to a second shorewall zone, and add iptables rules that drop, reject, allow and deny traffic as you desire. All of your VMs can easily be tapped into the bridge.