Hello list,

I've been using shorewall happily for many years, but now I have a LAN setup that the docs seem not to cover. The new web-server box I mentioned recently has two Ethernet ports, which I want to connect as follows:

Port 1 (enp1s0) will be connected to a spare port on my vDSL modem/router and be accessible from outside. An HTTP hole* will be opened in the router for this.

Port 2 (enp2s0) is connected to my LAN switch, which is connected in turn to another port on the vDSL modem, which has no holes open to this port. Once the server goes into service this interface will be down most of the time.

I want to ensure that no bridging occurs between the two ports in the web server.

Shorewall has very good documentation, but I can't see an example similar to this; they assume that a two-homed machine is to act as a firewall, which is not at all what I want to do. http://shorewall.org/MultiISP.html isn't quite it either.

Does anyone have any tips or examples showing how to go about this? I'm confronted with that terrifying blank sheet of paper.

* Yes, I know I should go the whole hog and insist on HTTPS only, but that's another kettle of fish altogether. I prefer to think about it separately.

--
Regards
Peter