Hello All,

In line with the "No firewall / more networks" response from Charles,
and the fact that INTERN_IF and INTERN_IP parameters can only hold
values from a single device, what if I would like to have multiple
devices serve internal networks? And I would like these devices to have the
same security rules. How/where should I declare multiple INTERN devices
in network.conf?

TIA.

-------------------------
Message: 1
From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
To: "brooksp" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: [Leaf-user] No firewall / more networks
Date: Thu, 28 Feb 2002 09:54:50 -0600

> Kindest greetings,
> Can anyone help me out and give me some information on the following two
> points.
> I currently run Dachstein CD and it works a treat, fair play to all
> involved.
> Firstly, I want to know if it is possible to run as a general router
> without firewalling.

Absolutely

> And secondly, if it is possible to route between 3 or 4 different networks,
> and if so, how can it be done?

You can route between as many network connections as you configure your
machine for.  I've run several Dachstein routers/firewalls with 5 10/100
Ethernet ports.

> Does setting the IP Filter Switch to 'router' in network.conf disable the
> firewall scripts?

Not entirely...you'll still have some address spoofing protection, and
traffic that shouldn't be crossing the internet (private IP's, all
zero's/one's, &c) will be dropped.

If you don't want any packet filtering, set the IP filter switch to
"none".

> Any help on details of how to add settings for more eth cards in
> network.conf would be appreciated.
> Only static IP addresses will be used and the box will be firewalled from
> the internet.

To add interfaces, just create additional ethX_* settings (ie eth2_IPADDR,
...), and add the interface to the IF_AUTO list so it will get configured
automatically.

Also, set:
IPFILTER_SWITCH=none
and
IPFWDING_KERNEL=YES

This will get you a multi-port router.  If you need to add any static
routes, you can do so with the ethX_ROUTES setting.  Let's say you get to
the remote 10.2.0.0/24 network via a router at 10.1.0.4, which is attached
to eth3.  Add the following to your eth3 configuration to make a static
route:
eth3_ROUTES="10.2.0.0/24_via_10.1.0.4"

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
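
Added example (not part of the original messages and not code from the LEAF/Dachstein project): a small Python check for the network.conf settings named in the reply above. It assumes network.conf consists of shell-style KEY=value assignments and that IF_AUTO and ethX_ROUTES are whitespace-separated lists; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed sample; only the setting names come from the message above.
SAMPLE_CONF = '''
IF_AUTO="eth0 eth1 eth2 eth3"
IPFILTER_SWITCH=none
IPFWDING_KERNEL=YES
eth0_IPADDR=192.0.2.1
eth1_IPADDR=10.0.0.1
eth3_IPADDR=10.1.0.1
eth3_ROUTES="10.2.0.0/24_via_10.1.0.4 10.3.0.0/33_via_10.1.0.4"
'''

def parse_conf(text):
    """Read KEY=value lines (assumed shell-style assignments) into a dict."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$', line)
        if m:
            parts = shlex.split(m.group(2), comments=True)  # strips quotes
            conf[m.group(1)] = parts[0] if parts else ""
    return conf

def audit(conf):
    """Return (level, message) findings for the settings discussed above."""
    findings = []
    # Every interface listed in IF_AUTO needs its own ethX_IPADDR.
    for ifname in conf.get("IF_AUTO", "").split():
        if not conf.get(f"{ifname}_IPADDR"):
            findings.append(("error", f"{ifname} in IF_AUTO has no {ifname}_IPADDR"))
    # "none" means no packet filtering at all, so flag it when forwarding is on.
    if (conf.get("IPFWDING_KERNEL", "").upper() == "YES"
            and conf.get("IPFILTER_SWITCH") == "none"):
        findings.append(("warn", "forwarding on with IPFILTER_SWITCH=none: no packet filtering"))
    # ethX_ROUTES entries have the form <network>/<len>_via_<gateway>.
    for key, value in conf.items():
        if not key.endswith("_ROUTES"):
            continue
        for entry in value.split():
            net, _, gw = entry.partition("_via_")
            try:
                ipaddress.ip_network(net)
                ipaddress.ip_address(gw)  # also fails when "_via_" is missing
            except ValueError:
                findings.append(("error", f"{key}: malformed route {entry!r}"))
    return findings

if __name__ == "__main__":
    for level, msg in audit(parse_conf(SAMPLE_CONF)):
        print(f"{level}: {msg}")
```
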
