I have two external interfaces in a Multi-ISP config. I allow access to
port 81 for a webcam, but I only want that to work for one of the
interfaces, and I want to limit the connections to it by maximum time
for one user, or failing that, maximum connections, as people just leave
it running on their desk all day (it's a Caribbean beach so people sit
and dream).
How do I do that as both interfaces are in the net zone?

--
Chris Mason
NetConcepts
(264) 497-5670 Fax: (264) 497-8463
Int: (305) 704-7249 Fax: (815)301-9759
UK 44.207.183.0271
Cell: 264-235-5670
Yahoo IM: netconcepts_anguilla@yahoo.com

On Friday 24 March 2006 14:45, Chris Mason (Lists) wrote:
> I have two external interfaces in a Multi-ISP config. I allow access to
> port 81 for a webcam, but I only want that to work for one of the
> interfaces,

Have you read carefully the description of the rules file's SOURCE column?

Hint: net:eth0

> and I want to limit the connections to it by maximum time
> for one user, or failing that, maximum connections, as people just leave
> it running on their desk all day (it's a Caribbean beach so people sit
> and dream).

Shorewall has no features for limiting either connection time or maximum
connections.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

----- Original Message -----
> I have two external interfaces in a Multi-ISP config. I allow access to
> port 81 for a webcam, but I only want that to work for one of the
> interfaces, and I want to limit the connections to it by maximum time
> for one user, or failing that, maximum connections, as people just leave
> it running on their desk all day (it's a Caribbean beach so people sit
> and dream).
> How do I do that as both interfaces are in the net zone?
>

Set your rule up only to allow that public ip address.....

ACCEPT net fw:<allowed_ip> tcp 81

Replace <allowed_ip> with whatever the ip is of that interface.

Jerry

Jerry Vonau wrote:
> ----- Original Message -----
>
>> I have two external interfaces in a Multi-ISP config. I allow access to
>> port 81 for a webcam, but I only want that to work for one of the
>> interfaces, and I want to limit the connections to it by maximum time
>> for one user, or failing that, maximum connections, as people just leave
>> it running on their desk all day (it's a Caribbean beach so people sit
>> and dream).
>> How do I do that as both interfaces are in the net zone?
>>
>
> Set your rule up only to allow that public ip address.....
>
> ACCEPT net fw:<allowed_ip> tcp 81
>
> Replace <allowed_ip> with whatever the ip is of that interface.
>
> Jerry
>

I'm not sure that can work as I have

#
# Webcam1
#
DNAT net loc:192.168.300.61:81 tcp 81 - - 2/sec:4

already. What's the correct way to do this?

--
Chris Mason
NetConcepts
(264) 497-5670 Fax: (264) 497-8463
Int: (305) 704-7249 Fax: (815)301-9759
UK 44.207.183.0271
Cell: 264-235-5670
Yahoo IM: netconcepts_anguilla@yahoo.com

On Friday 24 March 2006 15:39, Chris Mason (Lists) wrote:
> Jerry Vonau wrote:
> > ----- Original Message -----
> >
> >> I have two external interfaces in a Multi-ISP config. I allow access to
> >> port 81 for a webcam, but I only want that to work for one of the
> >> interfaces, and I want to limit the connections to it by maximum time
> >> for one user, or failing that, maximum connections, as people just leave
> >> it running on their desk all day (it's a Caribbean beach so people sit
> >> and dream).
> >> How do I do that as both interfaces are in the net zone?
> >
> > Set your rule up only to allow that public ip address.....
> >
> > ACCEPT net fw:<allowed_ip> tcp 81
> >
> > Replace <allowed_ip> with whatever the ip is of that interface.
> >
> > Jerry
>
> I'm not sure that can work as I have
> #
> # Webcam1
> #
> DNAT net loc:192.168.300.61:81 tcp 81 - - 2/sec:4
>
> already. What's the correct way to do this?

#
# Webcam1
#
DNAT net:ethX loc:192.168.300.61:81 tcp 81 - - 2/sec:4

Where 'ethX' is the interface that you want to allow.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
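
The interface restriction discussed in this thread, turned into a check (an added example, not part of the original messages): a small Python lint that flags rules whose SOURCE names a multi-interface zone without pinning one of its interfaces. The zone-to-interface map and the names eth1 and eth2 are assumptions; the webcam rule lines are the ones quoted in the thread.

```python
# Assumed zone -> interface map (what the interfaces file would define).
# net:eth0 is the hint from the thread; eth1 and eth2 are made up.
ZONE_INTERFACES = {"net": ["eth0", "eth1"], "loc": ["eth2"]}

# Constructed sample: the webcam rule before and after the fix, plus one other rule.
SAMPLE_RULES = """\
#
# Webcam1
#
DNAT net loc:192.168.300.61:81 tcp 81 - - 2/sec:4
DNAT net:eth0 loc:192.168.300.61:81 tcp 81 - - 2/sec:4
ACCEPT loc net tcp 80
"""


def parse_rule(line):
    """Split one rules line into the columns used here, or None for comments."""
    body = line.split("#", 1)[0].split()
    if len(body) < 3:
        return None
    # SOURCE is zone[:interface][:address]; keep the parts after the zone.
    zone, *qualifiers = body[1].split(":")
    return {
        "action": body[0].split(":")[0],  # drop a log-level suffix such as :info
        "zone": zone,
        "qualifiers": qualifiers,
        "dport": body[4] if len(body) > 4 else "-",
    }


def find_unpinned(rules_text, zone_interfaces, actions=("DNAT", "ACCEPT")):
    """Return (line number, rule) pairs that match every interface of a zone."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        rule = parse_rule(line)
        if rule is None or rule["action"] not in actions:
            continue
        interfaces = zone_interfaces.get(rule["zone"], [])
        # An address-only qualifier (net:192.0.2.1) does not pin the interface.
        pinned = bool(rule["qualifiers"]) and rule["qualifiers"][0] in interfaces
        if len(interfaces) > 1 and not pinned:
            findings.append((lineno, rule))
    return findings


if __name__ == "__main__":
    for lineno, rule in find_unpinned(SAMPLE_RULES, ZONE_INTERFACES):
        print(f"line {lineno}: {rule['action']} from {rule['zone']} port {rule['dport']} is open on every interface")
```

Run against the sample, it reports only the original webcam rule; the net:eth0 form passes.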