Hi. I have a PPPoE server (PPPoEoE – PPP over Ethernet), with rp-pppoe and pppd, and I want to protect the server (and the PPPoE clients if possible) with Shorewall. The Server's configuration is:
eth0: internet connection (IPV4 address) eth1: PPPoE connection for my PPPoE clients (Interface without IP, just Ethernet. I bring up this interface with /sbin/ifconfig eth1 up) The PPPoE clients get their IP numbers in the range 10.67.4.0/22 My Shorewall configuration is: ----------- INTERFACES ----------- net eth0 detect tcpflags,nosmurfs,routefilter BA ppp+ - tcpflags,nosmurfs # please note that I don’t mention eth1 here ----------- Zones ----------- fw firewall net ipv4 BA ipv4 <- zone for PPPoE clients ----------- Policy ----------- $FW net DROP $FW BA DROP $FW all DROP net $FW DROP net BA DROP net all DROP BA $FW DROP BA net ACCEPT BA all DROP ----------- Masq (I do masquerading by the moment) ----------- eth0 10.67.4.0/22 The questions are: 1) Is correct this configuration for a PPPoE server (PPPoEoE server)? 2) Is correct don't have any mention to eth1 in my Shorewall’s configuration? 3) How I can improve the Shorewall configuration? Thanks in advance. Carlos Martinez PD/ I apologize for my bad English. ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
