--On Thursday, January 23, 2003 10:50 AM -0800 Tom Eastep <[EMAIL PROTECTED]> wrote:
One more comment -- if you plan to define rules between the client and server zones, what you are implementing is little more than "security through obscurity" and in this case, it's not even very obscure. Any user with administrative privileges on their client machine can change the netmask and access any server they choose.

> 1. I've got a network 10.0.0.0/22. From 10.0.0.1 - 10.0.0.255 are the
> servers and from 10.0.1.1 - 10.0.3.254 are the clients. The Router running
> Bering/Shorewall is at 10.0.0.1. I want to divide this network in two
> nested (correct word for that?) zones. A "server" and a "client" zone.

Those zones aren't nested -- they are disjoint!

> Is it possible to say:
>
> /etc/shorewall/zones:
> servers Servers Server Zone
> clients Clients Client Zone

------- Maximum length of a zone name is 5 characters!

> /etc/shorewall/interfaces:
> - eth1 detect #no options
>
> /etc/shorewall/hosts:
> servers eth1:10.0.0.0/24 dhcp
> clients eth1:10.0.1.0/23 dhcp
> ?
>
> My question belongs especially to the /23 netmask but also if this is
> possible at all.

That's wrong -- you need:

servers eth1:10.0.0.0/24 dhcp
clients eth1:10.0.1.0/24,10.0.2.0/23 dhcp

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: teastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]
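
The following is an added example, not part of the original message or of Shorewall: it uses Python's standard `ipaddress` module to show why `10.0.1.0/23` is not a usable block for the client range in this thread and how the split `10.0.1.0/24,10.0.2.0/23` is derived. The function names are hypothetical, and the assumption that a misaligned entry is evaluated by masking the address with the prefix is labelled in the code.

```python
import ipaddress

def check_zone_entry(cidr):
    """Return (aligned, network) for an address/prefix as written in a hosts entry.

    'aligned' is False when host bits are set, i.e. the address is not the
    start of a block of that size. 'network' is the block that results if the
    address is masked with the prefix (assumption about how it is evaluated).
    """
    iface = ipaddress.ip_interface(cidr)
    return iface.ip == iface.network.network_address, iface.network

def cover_range(first, last):
    """Smallest list of aligned CIDR blocks covering first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def zones_overlap(blocks_a, blocks_b):
    """True if any block of one zone shares addresses with a block of the other."""
    return any(a.overlaps(b) for a in blocks_a for b in blocks_b)

if __name__ == "__main__":
    servers = [ipaddress.ip_network("10.0.0.0/24")]

    # The entry from the question: 10.0.1.0 is not on a /23 boundary.
    aligned, masked = check_zone_entry("10.0.1.0/23")
    print("10.0.1.0/23 aligned:", aligned, "-> masks to", masked)
    print("overlaps server zone:", zones_overlap([masked], servers))
    print("covers 10.0.3.1:", ipaddress.ip_address("10.0.3.1") in masked)

    # The client range from the thread, as whole blocks 10.0.1.0 - 10.0.3.255.
    clients = cover_range("10.0.1.0", "10.0.3.255")
    print("client blocks:", ",".join(str(n) for n in clients))
    print("overlaps server zone:", zones_overlap(clients, servers))
```
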