Jason Allen <[EMAIL PROTECTED]> writes:

> Another rules question.
> 
> The web interface is not reading my /etc/shorewall/rules file correctly.
> Even if I make a change in that file, when I go to the rules section it
> doesn't display properly.  It shows me what it previously had, and doesn't
> show any of the changes.  How can I get it so the interface shows me the
> actual rules from the rules file?

SNF was designed as a blackbox. The admin was supposed to use the web gui
only. MNF was based on SNF and this is still valid. I agree that I should
change that for the next version ... but we'll get into some other subtle
problem: parsers :o)

So, do not modify things by hand if you want to use the web gui and expect
to find that modified info there. 

The frontend part of the mnf talks to the backend part. The latter one
stores all the MNF "database" in a plain text file called
/var/lib/naat/configuration.

The rules part corresponds to the RulesList variable ... if my memory is
correct ... and has a "special" format ...
 
> Jason
> 
> Jason Allen wrote:
> 
> > Ok I have the box up and running, next question... rules.
> > When you go to add custom rule, in the client and server there is a
> > field for "interface,IP or Subnet" .... I'd like to add a rule that
> > applies to multiple IP addresses in a row i.e. 120.x.x.20 -
> > 120.x.x.25.  What's the syntax for entering that into the box so MNF
> > will read it and apply the rules correctly?
> >
> > Jason
> >
> > Florin wrote:
> >
> >> http://shorewall.net/shorewall_setup_guide.htm#Routed
> >>
> >>
> >>> Jason Allen <[EMAIL PROTECTED]> writes:
> >>>
> >>
> >>
> >>
> >>> OK guys MNF Setup questions.  Hopefully someone can help.  I have a
> >>> machine w/ 2 nics and the newest MNF beta2 installed on it.  My WAN
> >>> interface eth0 is configured at let's say 120.x.x.25 (fake address used
> >>> for an example) and my LAN interface eth1 is configured at 130.x.x.1.
> >>> This has to be this way due to a "front-porch" setup of our network.
> >>> Now we have a pretty big network behind the 130.x.x.x network,
> >>> everything is all set, but the 130.x.x.1 has to be the gateway that
> >>> machines on the LAN use. How can I route all traffic from 130.x.x.x
> >>> (LAN) to 120.x.x.25 (WAN) and out while keeping the routability of the
> >>> addresses behind the LAN?
> >>> What I mean is we have routable addresses on the LAN, so say I start an
> >>> ssh session to a machine out in the world.  I don't want the machine to
> >>> see a connection coming from a standard source address, I need it to
> >>> see the actual IP of that machine (we have a network based billing
> >>> system).
> >>> How can I route traffic from eth0 (LAN) to eth1 (WAN) (and vice versa
> >>> for connections coming from the outside world) successfully via MNF?  A
> >>> Static route?  Something different?  A Masquerade rule would be
> >>> something for private addresses like 192.168.x.x but I don't think that
> >>> would keep the routability intact (am I correct on that?).  Once that
> >>> is done, I can get all the rules in place.
> >>>
> >>> Can someone help me make this happen?  Does it have to be hard-coded in
> >>> config files?  It's kind of a short time scale as the higher-ups would
> >>> like to get this working tomorrow morning, and I'm just not seeing how
> >>> to make it happen. Thanks in advance,
> >>>
> >>> Jason
> >>>

my 2 cts,
-- 
Florin                          http://www.mandrakesoft.com
                                http://people.mandrakesoft.com/~florin/
