RE: [leaf-user] Three-interface Bering sample

2004-02-26 Thread David Pitts
Thanks for this.  I have been given the location of the three-interface
sample and there is one other difference you may not have noticed.  That
is in the masq file where the entries look like:

#INTERFACE  SUBNET  ADDRESS
eth0        eth1
eth0        eth2

Thanks for your help.

David Pitts

  -Original Message-
 From: Andrew Gray [mailto:[EMAIL PROTECTED] 
 Sent: Friday, 27 February 2004 11:28 AM
 To:   David Pitts; [EMAIL PROTECTED]
 Subject:  RE: [leaf-user] Three-interface Bering sample
 
 I didn't worry about finding a config for multi interface on the
 latest versions.   All that is needed is to declare the interfaces in
 the /etc/network/interfaces file then add the rules to the shorewall
 files.   Here is the example I use now with 2 internal interfaces,
 only 1 of which has access to the internet, a dmz and ppp dialup
 internet access to the net.
 
 Hope this is of some help to you.
 Andrew G. Gray
 MCSE
 
 Phone:(07) 4124 6303
 Mobile:   0418 734 078
 
 
 # Shorewall 1.4 /etc/shorewall/zones
 #ZONE   DISPLAY   COMMENTS
 net     Net       Internet
 loc     Local     Local networks
 loc1    Local1    Local Network Children
 dmz     DMZ       Demilitarized zone
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
 
 # Shorewall 1.4 -- Interfaces File
 #ZONE   INTERFACE   BROADCAST       OPTIONS
 net     ppp0        -
 loc     eth0        192.168.2.255
 loc1    eth1        192.168.3.255
 dmz     eth2        detect
 
 # /etc/shorewall/rules
 #ACTION  SOURCE  DEST              PROTO  DEST       SOURCE   ORIGINAL  RATE   USER
 #                                         PORT       PORT(S)  DEST      LIMIT
 #
 # Accept DNS connections from the firewall
 #
 ACCEPT   fw      net               tcp    53
 ACCEPT   fw      net               udp    53
 #
 # Accept SSH connections from the local network for administrative purposes.
 #
 ACCEPT   loc     fw                tcp    22
 #
 # Allow ping to and from the firewall
 #
 # ping to firewall
 ACCEPT   loc     fw                icmp   8
 ACCEPT   loc1    fw                icmp   8
 ACCEPT   dmz     fw                icmp   8
 # Ping between networks
 ACCEPT   loc     loc1              icmp   8
 ACCEPT   loc1    loc               icmp   8
 ACCEPT   loc     dmz               icmp   8
 ACCEPT   loc1    dmz               icmp   8
 ACCEPT   net     fw                icmp   8
 # Ping from firewall
 ACCEPT   fw      loc               icmp   8
 ACCEPT   fw      loc1              icmp   8
 ACCEPT   fw      dmz               icmp   8
 ACCEPT   fw      net               icmp   8
 #
 # Bering specific rules
 # allow loc to fw udp/53 for dnscache to work
 # allow loc to fw tcp/80 for weblet to work
 #
 ACCEPT   loc     fw                udp    53
 ACCEPT   loc     fw                tcp    80
 ACCEPT   fw      loc               tcp    80
 #
 # Allow loc to fw tcp/9100:9102 for print server
 #
 ACCEPT   loc     fw                tcp    9100:9102
 DROP     net     fw                tcp    9100:9102
 #
 # Allow VPN access to server on internal network
 #
 ACCEPT   net     loc:192.168.2.30  tcp    1723
 ACCEPT   net     loc:192.168.2.30  47
 #
 
 # /etc/shorewall/policy
 #SOURCE  DEST   POLICY  LOG     LIMIT:BURST
 #                       LEVEL
 loc      net    ACCEPT
 loc      loc1   ACCEPT
 loc1     loc    ACCEPT
 loc      dmz    ACCEPT
 loc1     dmz    ACCEPT
 #
 net      all    DROP    info
 #
 # THE FOLLOWING POLICY MUST BE LAST
 #
 all      all    REJECT  info
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of David Pitts
  Sent: Thursday, 26 Feb 2004 13:25
  To: [EMAIL PROTECTED]
  Subject: [leaf-user] Three-interface Bering sample
  
  
  Hi.  Can someone point me to the current three-interface Shorewall
  config for Bering 2 and Shorewall 1.4.9?
  
  Thanks.
  
  David Pitts
  IT Services Manager
  Reid Library 
  University of Western Australia
   
  Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012
  
  
  

[leaf-user] Three-interface Bering sample

2004-02-25 Thread David Pitts
Hi.  Can someone point me to the current three-interface Shorewall
config for Bering 2 and Shorewall 1.4.9?

Thanks.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
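
Added example (not part of the original posts or of the LEAF or Shorewall projects): the policy file quoted in Andrew Gray's reply, resolved into the effective default policy for each zone pair, with a check that every zone is declared and that the "all all" entry comes last. It assumes the firewall zone keeps the name fw used in the posted rules and that the first matching policy entry applies; entries in the rules file are exceptions on top of these defaults and are not modelled.

```python
# Added example: resolve the effective default policy for each zone pair.
# Sample data retyped from the configuration quoted in this thread.
ZONES = ["net", "loc", "loc1", "dmz"]  # names from /etc/shorewall/zones
POLICY = """
loc   net   ACCEPT
loc   loc1  ACCEPT
loc1  loc   ACCEPT
loc   dmz   ACCEPT
loc1  dmz   ACCEPT
net   all   DROP    info
all   all   REJECT  info
"""
FW = "fw"  # assumption: firewall zone keeps the name used in the posted rules

def parse_policy(text):
    """Return [(source, dest, policy)] in file order, skipping comments."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rows.append((fields[0], fields[1], fields[2]))
    return rows

def lint(rows, zones):
    """Report undeclared zones and a catch-all that is missing or not last."""
    known = set(zones) | {FW, "all"}
    problems = [f"undeclared zone {z!r}" for s, d, _ in rows
                for z in (s, d) if z not in known]
    if ("all", "all") in [(s, d) for s, d, _ in rows[:-1]]:
        problems.append("'all all' policy is not last; later entries never match")
    if not rows or rows[-1][:2] != ("all", "all"):
        problems.append("no closing 'all all' policy")
    return problems

def effective(rows, src, dst):
    """First entry that matches wins; 'all' matches any zone."""
    for s, d, policy in rows:
        if s in (src, "all") and d in (dst, "all"):
            return policy
    return None

if __name__ == "__main__":
    rows = parse_policy(POLICY)
    print(lint(rows, ZONES) or "policy file is consistent")
    for src in ZONES + [FW]:
        for dst in ZONES + [FW]:
            if src != dst:
                print(f"{src:5} -> {dst:5} {effective(rows, src, dst)}")
```

On the posted policy it reports loc1 -> net as REJECT, which matches the statement that only one of the internal networks has Internet access.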