Thanks for this. I have been given the location of the three-interface
sample and there is one other difference you may not have noticed. That
is in the masq file where the entries look like:
#INTERFACE SUBNET ADDRESS
eth0 eth1
eth0 eth2
Thanks for your help.
David Pitts
-----Original Message-----
From: Andrew Gray [mailto:[EMAIL PROTECTED]]
Sent: Friday, 27 February 2004 11:28 AM
To: David Pitts; [EMAIL PROTECTED]
Subject: RE: [leaf-user] Three-interface Bering sample
I didn't worry about finding a config for multi interface on the
latest versions. All that is needed is to declare the interfaces in
the /etc/network/interfaces file then add the rules to the shorewall
files. Here is the example I use now with 2 internal interfaces,
only 1 of which has access to the internet, a dmz and ppp dialup
internet access to the net.
Hope this is of some help to you.
Andrew G. Gray
MCSE
Phone:(07) 4124 6303
Mobile: 0418 734 078
# Shorewall 1.4 /etc/shorewall/zones
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
loc1 Local1 Local Network Children
dmz DMZ Demilitarized zone
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
# Shorewall 1.4 -- Interfaces File
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 -
loc eth0 192.168.2.255
loc1 eth1 192.168.3.255
dmz eth2 detect
# /etc/shorewall/rules
#ACTION SOURCE DEST PROTO DEST SOURCE  ORIGINAL RATE  USER
#                         PORT PORT(S) DEST     LIMIT
#
# Accept DNS connections from the firewall
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administrative purposes.
#
ACCEPT loc fw tcp 22
#
# Allow ping to and from the firewall
#
# ping to firewall
ACCEPT loc fw icmp 8
ACCEPT loc1 fw icmp 8
ACCEPT dmz fw icmp 8
# Ping between networks
ACCEPT loc loc1 icmp 8
ACCEPT loc1 loc icmp 8
ACCEPT loc dmz icmp 8
ACCEPT loc1 dmz icmp 8
ACCEPT net fw icmp 8
# Ping from firewall
ACCEPT fw loc icmp 8
ACCEPT fw loc1 icmp 8
ACCEPT fw dmz icmp 8
ACCEPT fw net icmp 8
#
# Bering specific rules
# allow loc to fw udp/53 for dnscache to work
# allow loc to fw tcp/80 for weblet to work
#
ACCEPT loc fw udp 53
ACCEPT loc fw tcp 80
ACCEPT fw loc tcp 80
#
# Allow loc to fw tcp/9100:9102 for print server
#
ACCEPT loc fw tcp 9100:9102
DROP net fw tcp 9100:9102
#
# Allow VPN access to server on internal network
#
ACCEPT net loc:192.168.2.30 tcp 1723
ACCEPT net loc:192.168.2.30 47
#
# /etc/shorewall/policy
#SOURCE DEST POLICY LOG   LIMIT:BURST
#                   LEVEL
loc net ACCEPT
loc loc1 ACCEPT
loc1 loc ACCEPT
loc dmz ACCEPT
loc1 dmz ACCEPT
#
net all DROP info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all all REJECT info
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of David Pitts
Sent: Thursday, 26 Feb 2004 13:25
To: [EMAIL PROTECTED]
Subject: [leaf-user] Three-interface Bering sample
Hi. Can someone point me to the current three-interface Shorewall
config for Bering 2 and Shorewall 1.4.9?
Thanks.
David Pitts
IT Services Manager
Reid Library
University of Western Australia
Telephone: (08) 6488 3492 Fax: (08) 6488 1012
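
The zone names used in the zones, policy and rules files above have to agree, and policy lines are matched first to last (hence "THE FOLLOWING POLICY MUST BE LAST"). The Python check below is an added example, not part of the thread or of Shorewall itself; it assumes the firewall zone keeps the default name fw, uses excerpts of the posted files as input, and the BAD_* inputs are constructed to show what it reports.

```python
# Added example (not from the thread): lint Shorewall 1.4-style zone usage.
FW, ANY = "fw", "all"  # assumption: firewall zone keeps the default name "fw"

def rows(text):
    # Yield the whitespace-split columns of each non-comment, non-blank line.
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def zone_of(field):
    # 'loc:192.168.2.30' -> 'loc' (a rule may qualify a zone with a host address)
    return field.split(":", 1)[0]

def lint(zones, policy, rules):
    known = {r[0] for r in rows(zones)} | {FW, ANY}
    findings, seen = [], []
    for src, dst, *_ in rows(policy):
        findings += [f"policy: undeclared zone {z!r}" for z in (src, dst) if z not in known]
        # The first matching policy line wins, so an earlier line that covers
        # this source/destination pair makes this line unreachable.
        if any(s in (src, ANY) and d in (dst, ANY) for s, d in seen):
            findings.append(f"policy: {src}->{dst} is shadowed by an earlier line")
        seen.append((src, dst))
    for action, src, dst, *_ in rows(rules):
        for z in (zone_of(src), zone_of(dst)):
            if z not in known:
                findings.append(f"rules: undeclared zone {z!r} in {action} {src} {dst}")
    return findings

# Excerpts of the files posted in the thread.
ZONES = ("net Net Internet\nloc Local Local networks\n"
         "loc1 Local1 Local Network Children\ndmz DMZ Demilitarized zone\n")
POLICY = ("loc net ACCEPT\nloc loc1 ACCEPT\nloc1 loc ACCEPT\nloc dmz ACCEPT\n"
          "loc1 dmz ACCEPT\nnet all DROP info\nall all REJECT info\n")
RULES = ("ACCEPT fw net tcp 53\nACCEPT loc fw tcp 22\n"
         "ACCEPT net loc:192.168.2.30 tcp 1723\nACCEPT net loc:192.168.2.30 47\n")
# Constructed faulty inputs: catch-all policy placed first, and a mistyped zone.
BAD_POLICY = "all all REJECT info\nloc net ACCEPT\n"
BAD_RULES = "ACCEPT lco fw tcp 22\n"

if __name__ == "__main__":
    print(lint(ZONES, POLICY, RULES))          # posted files: no findings
    print(lint(ZONES, BAD_POLICY, BAD_RULES))  # constructed faults are reported
```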