Re: [leaf-user] Bering cd without shorewall
On Mon, 12 Aug 2002, Tom Eastep wrote: On Mon, 12 Aug 2002, Cass Tolken wrote: I suppose you can take out shorwall (note no e) from the LRP=... in the syslinux.cfg file and then create your own package with your own scripts. But I'd have to ask why? I wanted to ask the same question but then I'm a bit biased :-) I don't recommend removing Shorewall, but it is larger than a very simple direct-scripted iptables configuration file would be, and given how some people are about disk space, there could be a compelling need. --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- --- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering cd without shorewall
On Tue, 13 Aug 2002, Jeff Newmiller wrote: I don't recommend removing Shorewall, but it is larger than a very simple direct-scripted iptables configuration file would be, and given how some people are about disk space, there could be a compelling need. Nod -- with floppy-based systems, space is always a factor all right. -Tom -- Tom Eastep\ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ [EMAIL PROTECTED] --- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering cd without shorewall
Jeff Newmiller wrote (on Tue, Aug 13, 2002 at 01:09:52AM -0700): | On Mon, 12 Aug 2002, Tom Eastep wrote: | | On Mon, 12 Aug 2002, Cass Tolken wrote: | | I suppose you can take out shorwall (note no e) from the LRP=... in | the syslinux.cfg file and then create your own package with your own | scripts. But I'd have to ask why? | | I wanted to ask the same question but then I'm a bit biased :-) | | I don't recommend removing Shorewall, but it is larger than a very simple | direct-scripted iptables configuration file would be, and given how some | people are about disk space, there could be a compelling need. Couldn't run Shorewall (on a separate box, say), scarf the resulting iptables commands that result, and implement them directly on the production machine? NYZ -- _ Nachman Yaakov Ziskind, EA, LLM [EMAIL PROTECTED] Attorney and Counselor-at-Law http://yankel.com Economic Group Pension Services http://egps.com Actuaries and Employee Benefit Consultants --- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering cd without shorewall
Hi Abjin, --- Abjin M H [EMAIL PROTECTED] wrote: Hi, Is it possible to run Bering cd and iptables without shorewall. If possible in which file should I write iptables/nat scripts. I suppose you can take out shorwall (note no e) from the LRP=... in the syslinux.cfg file and then create your own package with your own scripts. But I'd have to ask why? Shorewall is one of the best features of Bering. It really does make iptables easy, easy enough for this newbie to understand ;). -- Cass __ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com --- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering cd without shorewall
On Mon, 12 Aug 2002, Cass Tolken wrote: I suppose you can take out shorwall (note no e) from the LRP=... in the syslinux.cfg file and then create your own package with your own scripts. But I'd have to ask why? I wanted to ask the same question but then I'm a bit biased :-) -Tom -- Tom Eastep\ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ [EMAIL PROTECTED] --- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering cd without shorewall
On Mon, Aug 12, 2002 at 06:55:05PM -0600, Abjin M H wrote:
Hi,
Is it possible to run Bering cd and iptables without shorewall. If possible in which
file should I write iptables/nat
scripts.
if you put your firewall script in in /etc/init.d/
and add a line like this
RCDLINKS='0,K31 1,K31 2,S29 3,S29 4,S29 5,S29 6,K20'
the rc*.d symlinks will be generated automatically
same with your network script, here's how I control
the interfaces...
down () {
d=`ip -o link show | cut -d: -f2`
for i in $d ; do
ip addr flush $i
ip link set $i down
done
}
up () {
ip link set lo up
ip link set eth0 up
ip link set eth1 up
ip link set eth2 up
ip link set eth3 up
ip addr add 127.0.0.1/8 label lodev lo
ip addr add 11.22.33.44/27 label eth0 dev eth0 # ISP
ip addr add 192.168.0.1/24 label eth1 dev eth1 # LAN
ip addr add 10.0.0.1/8 label eth2 dev eth2 # DMZ
ip addr add 10.0.0.2/8 label eth2:1dev eth2 # an alias
ip route add 0/0via 11.22.33.1 table main
}
case $1 in
start)
down
up
;;
stop)
down
;;
restart)
down
up
;;
*)
echo Usage: $0 {start|stop|restart}
exit 1
esac
// George
--
GEORGE GEORGALIS, System Admin/Architectcell: 347-451-8229
Security Services, Web, Mail,mailto:[EMAIL PROTECTED]
File, Print, DB and DNS Servers. http://www.galis.org/george
---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering cd without shorewall
On Mon, 12 Aug 2002, Abjin M H wrote: Hi, Is it possible to run Bering cd and iptables without shorewall. Yes, but you are on your own. Shorewall provides the iptables/nat support in Bering. If possible in which file should I write iptables/nat scripts. You will need to build your own package that includes an appropriate startup script to replace the Shorewall functionality, something like the /etc/init.d/shorewall script. --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- --- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
