Hello all,
I am trying to understand how I would manage traffic using the new
4.0 changes.
I have configured a bridge in my net interface and on that bridge is my
DMZ. I have two other machines on the DMZ, and one of these machines
happens to be an Asterisk server and the other a mail server.
My goal using the bridge was originally to manage the bandwidth being
sent over the bridge and centralize my firewall configuration. So what
I have right now looks like this.
net0--\
       |----------------br-net_dmz ------lan0
dmz0--/
   \
    \--------- asterisk
     \-------- mail
So my goal was to use the dmz0 interface as my controlling interface for
the bandwidth.
What happens with the configuration I have right now is that the tcrules
complain that dmz0 is down; that is not actually true, it just does not
have an IP address.
Does the traffic control in Shorewall require an address to control
the bandwidth?
Secondly I thought that I could actually do rules between the interfaces
over the bridge.
Basically I wanted to control net0 to dmz0, and I thought this was
possible, but it seems that it doesn't work.
I do get some blocking at dmz0, but I am not sure why. I seem to only be
blocking some things, but it should be blocking everything based on
my config right now.
I actually have my policy set up like this:

Policy
lan    all    ACCEPT
vpn    all    ACCEPT
dmz    net    ACCEPT
fw     all    ACCEPT
net    dmz    DROP      $LOG
world  dmz    DROP      $LOG
net    all    DROP      $LOG
all    all    REJECT    $LOG
Interfaces
world  br-wan_dmz        detect    bridge,routefilter,dhcp,blacklist,routeback
net    br-wan_dmz:net0                                      # nothing allowed here
dmz    br-wan_dmz:dmz0                                      # nothing allowed here
lan    lan0              detect    dhcp,blacklist,routeback
vpn    tun+              detect    routeback
Is it possible to do what I want? Will I need to use ebtables to get what I am
looking for?
Thanks, and if any logs are needed, please let me know.
--
Philip S. Hempel
Cell: 574-261-2878
Phone: 317-324-1108
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users