On 04/29/2011 04:43 AM, Farkas Levente wrote:
> yes. it's one physical ethernet card and running 4 guests (and the host)
> while br0 has one valid public ip address.
>
> it's the setup:
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.6cf049b9800a       no              eth0
>                                                         vnet0
>                                                         vnet1
>                                                         vnet2
>                                                         vnet3
> # ifconfig
> br0       Link encap:Ethernet  HWaddr 6C:F0:49:B9:80:0A
>           inet addr:1.2.3.4  Bcast:1.2.3.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:78537495 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:13333536 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:7250322026 (6.7 GiB)  TX bytes:58699652446 (54.6 GiB)
>
> eth0      Link encap:Ethernet  HWaddr 6C:F0:49:B9:80:0A
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:141686837 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:114685992 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:32429824910 (30.2 GiB)  TX bytes:120019867392 (111.7 GiB)
>           Interrupt:35 Base address:0xe000
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:220184 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:220184 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:316739812 (302.0 MiB)  TX bytes:316739812 (302.0 MiB)
>
> vnet0     Link encap:Ethernet  HWaddr FE:54:00:B5:A9:34
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:5623576 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:61595953 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:500
>           RX bytes:15444682121 (14.3 GiB)  TX bytes:11060142699 (10.3 GiB)
>
> vnet1     Link encap:Ethernet  HWaddr FE:54:00:09:71:2B
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:22643389 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:75916886 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:500
>           RX bytes:31250603040 (29.1 GiB)  TX bytes:7726089254 (7.1 GiB)
>
> vnet2     Link encap:Ethernet  HWaddr FE:54:00:1F:F7:5D
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:15754986 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:67798786 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:500
>           RX bytes:11375672734 (10.5 GiB)  TX bytes:15335707117 (14.2 GiB)
>
> vnet3     Link encap:Ethernet  HWaddr FE:54:00:14:E8:B9
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:244377 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3603432 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:500
>           RX bytes:20385018 (19.4 MiB)  TX bytes:833931605 (795.2 MiB)
Okay; here is how I would do it (assuming that the Windows box is vnet3):

shorewall.conf:

    ...
    IMPLICIT_CONTINUE=No
    ...

zones:

    #ZONE        TYPE
    fw           firewall
    world        ipv4
    net:world    bport
    dmz:world    bport
    win:dmz      bport

policy:

    #SOURCE  DEST   POLICY  LOG
    net      dmz    ACCEPT
    net      all    DROP    info
    dmz      net    ACCEPT
    win      net    ACCEPT          #You might want to change this
    fw       world  ACCEPT
    all      all    REJECT  info

interfaces:

    #ZONE    INTERFACE   BROADCAST   OPTIONS
    world    br0         -           bridge
    net      br0:eth0
    win      br0:vnet3
    dmz      br0:vnet+

HTH,
-Tom

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
