Re: [leaf-user] Setting up First DMZ - Help Wanted

Thu, 13 Mar 2003 06:49:41 -0800

At 08:34 13/03/03 -0500, Sean E. Covel wrote: 
I'm trying to setup my first DMZ on Bering 1.0.  I downloaded the
Shorewall 3 Interface example and made the changes.  I now have 2-2 port
NICs in the firewall.  I edited /etc/interfaces and added eth2 as
192.168.2.254.  The result of ip addr is as follows:

# ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:03:47:08:40:1a brd ff:ff:ff:ff:ff:ff
    inet 12.243.231.253/25 brd 255.255.255.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:03:47:08:40:1b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:03:47:08:4a:d6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.254/24 brd 192.168.2.255 scope global eth2
6: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
    link/ether 00:03:47:08:4a:d7 brd ff:ff:ff:ff:ff:ff

So it appear to be setup.

That's a little confusing - is eth2 your dmz?

In any case, this shows that you have three interfaces set up, drivers loaded and ip addresses assigned etc, plus a fourth interface that has no ip address yet. That's only the first part of getting a dmz going.

The next step is to edit your shorewall rules, policy etc to set up the services you want. Take another look at the three-interface guide:

http://www.shorewall.net/three-interface.htm

cheers

Julian



-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to