Thanks for this.  I have been given the location of the three-interface
sample and there is one other difference you may not have noticed.  That
is in the masq file where the entries look like:

#INTERFACE              SUBNET          ADDRESS
eth0                    eth1
eth0                    eth2

Thanks for your help.

David Pitts

>  -----Original Message-----
> From:         Andrew Gray [mailto:[EMAIL PROTECTED] 
> Sent: Friday, 27 February 2004 11:28 AM
> To:   David Pitts; [EMAIL PROTECTED]
> Subject:      RE: [leaf-user] Three-interface Bering sample
> 
> I didn't worry about finding a config for multi interface on the
> latest versions.   All that is needed is to declare the interfaces in
> the /etc/network/interfaces file then add the rules to the shorewall
> files.   Here is the example I use now with 2 internal interfaces,
> only 1 of which has access to the internet, a dmz and ppp dialup
> internet access to the net.
> 
> Hope this is of some help to you.
> Andrew G. Gray
> MCSE
> 
> Phone:        (07) 4124 6303
> Mobile:       0418 734 078
> 
> 
> # Shorewall 1.4 /etc/shorewall/zones
> #ZONE DISPLAY         COMMENTS
> net   Net             Internet
> loc   Local           Local networks
> loc1  Local1          Local Network Children
> dmz   DMZ             Demilitarized zone
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
> 
> # Shorewall 1.4 -- Interfaces File
> #ZONE  INTERFACE      BROADCAST       OPTIONS
> net    ppp0           -
> loc    eth0           192.168.2.255
> loc1   eth1           192.168.3.255
> dmz    eth2           detect
> 
> # /etc/shorewall/rules
> #ACTION  SOURCE               DEST            PROTO   DEST    SOURCE     ORIGINAL      RATE            USER
> #                                                     PORT    PORT(S)    DEST          LIMIT
> #
> # Accept DNS connections from the firewall
> #
> ACCEPT         fw             net             tcp     53
> ACCEPT         fw             net             udp     53
> #
> # Accept SSH connections from the local network for administrative purposes.
> #
> ACCEPT         loc            fw              tcp     22
> #
> # Allow ping to and from the firewall
> #
> # ping to firewall
> ACCEPT         loc            fw              icmp    8
> ACCEPT         loc1           fw              icmp    8
> ACCEPT         dmz            fw              icmp    8
> # Ping between networks
> ACCEPT         loc            loc1            icmp    8
> ACCEPT         loc1           loc             icmp    8
> ACCEPT         loc            dmz             icmp    8
> ACCEPT         loc1           dmz             icmp    8
> ACCEPT         net            fw              icmp    8
> # Ping from firewall
> ACCEPT         fw             loc             icmp    8
> ACCEPT         fw             loc1            icmp    8
> ACCEPT         fw             dmz             icmp    8
> ACCEPT         fw             net             icmp    8
> #
> # Bering specific rules
> # allow loc to fw udp/53 for dnscache to work
> # allow loc to fw tcp/80 for weblet to work
> #
> ACCEPT         loc            fw              udp     53
> ACCEPT         loc            fw              tcp     80
> ACCEPT         fw             loc             tcp     80
> #
> # Allow loc to fw tcp/9100:9102 for print server
> #
> ACCEPT         loc            fw              tcp     9100:9102
> DROP           net            fw              tcp     9100:9102
> #
> # Allow VPN access to server on internal network
> #
> ACCEPT         net            loc:192.168.2.30 tcp    1723
> ACCEPT         net            loc:192.168.2.30 47     
> #
> 
> # /etc/shorewall/policy
> #SOURCE               DEST            POLICY          LOG             LIMIT:BURST
> #                                                     LEVEL
> loc           net             ACCEPT
> loc           loc1            ACCEPT
> loc1          loc             ACCEPT
> loc           dmz             ACCEPT
> loc1          dmz             ACCEPT
> #
> net           all             DROP            info
> #
> # THE FOLLOWING POLICY MUST BE LAST
> #     
> all           all             REJECT          info 
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of David Pitts
> > Sent: Thursday, 26 Feb 2004 13:25
> > To: [EMAIL PROTECTED]
> > Subject: [leaf-user] Three-interface Bering sample
> > 
> > 
> > Hi.  Can someone point me to the current three-interface Shorewall
> > config for Bering 2 and Shorewall 1.4.9?
> > 
> > Thanks.
> > 
> > David Pitts
> > IT Services Manager
> > Reid Library 
> > University of Western Australia
> >  
> > Telephone:   (08) 6488 3492     Fax:  (08) 6488 1012
> > 
> > 
> > 
> > -------------------------------------------------------
> > SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> > Build and deploy apps & Web services for Linux with
> > a free DVD software kit from IBM. Click Now!
> > http://ads.osdn.com/?ad_id56&alloc_id438&op=ick
> > --------------------------------------------------------------
> > ----------
> > leaf-user mailing list: [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
> > 

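Added example (not part of the original messages or of the Bering sample): a small Python model of how the quoted policy and rules files combine, showing why only one of the two internal zones reaches the internet. It assumes Shorewall's first-match policy order with rules overriding policy; the function names and the reduced rule subset are illustrative.

```python
"""Added example: evaluate the quoted Shorewall 1.4 policy and rules (simplified)."""

# Copied from the quoted /etc/shorewall/policy (comments and LOG column dropped).
POLICY = """
loc   net   ACCEPT
loc   loc1  ACCEPT
loc1  loc   ACCEPT
loc   dmz   ACCEPT
loc1  dmz   ACCEPT
net   all   DROP
all   all   REJECT
"""

# Subset of the quoted /etc/shorewall/rules: ACTION SOURCE DEST PROTO PORT
RULES = """
ACCEPT  fw   net               tcp  53
ACCEPT  loc  fw                tcp  22
ACCEPT  loc  fw                tcp  9100:9102
DROP    net  fw                tcp  9100:9102
ACCEPT  net  loc:192.168.2.30  tcp  1723
"""

def _rows(text):
    return [line.split() for line in text.splitlines() if line.strip()]

def policy_for(src, dst):
    """The first policy line whose SOURCE and DEST match (or are 'all') wins."""
    for p_src, p_dst, action in _rows(POLICY):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action
    raise LookupError("no policy matched")

def _port_match(spec, port):
    lo, _, hi = spec.partition(":")          # "9100:9102" or a single port
    return int(lo) <= port <= int(hi or lo)

def decide(src, dst, proto, port):
    """A matching rule overrides the policy; dst is 'zone' or 'zone:host'."""
    zone = dst.split(":")[0]
    for action, r_src, r_dst, r_proto, r_port in _rows(RULES):
        if (r_src == src and r_dst in (dst, zone) and r_proto == proto
                and _port_match(r_port, port)):
            return action
    return policy_for(src, zone)

def zones_with_internet():
    """Internal zones whose policy toward 'net' is ACCEPT."""
    return [z for z in ("loc", "loc1", "dmz") if policy_for(z, "net") == "ACCEPT"]
```

loc1 and dmz have no policy line toward net, so they fall through to the final all/all REJECT, and the PPTP rule admits traffic only to 192.168.2.30.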

