Shorewall users - Jan 2002 - Compicated config?

Hello,

at the moment, I''m trying to set up the following config:

several subnets from 10.0.0.0/8 and 192.168.0.0/16 which are offices.
Most of them are connected through the internal interface eth0.
But some are connected by VPN, made by a cisco, which is also our gateway to
the ISP.
(eth1 of firewall)
Now I thought about of zones in the form:
offa	officeA
offb	officeB
and so on.
Some of these zones connected to the internal (eth0), some to the VPN
(eth1).
I want to split the zones, because I want to have the traffic from/to the
offices.

Whats the best way? I''ve read something about to set the interfaces to
multi.
And this could drive me into the wrong road ;-)

Any help is highly appreciated

BR
Wolfgang

Hello Wolfgang,

On Monday 28 January 2002 07:15 am, Lumpp, Wolfgang
wrote:
> Hello,
>
> at the moment, I''m trying to set up the following config:
>
> several subnets from 10.0.0.0/8 and 192.168.0.0/16 which are offices.
> Most of them are connected through the internal interface eth0.
> But some are connected by VPN, made by a cisco, which is also our gateway
> to the ISP.
> (eth1 of firewall)
> Now I thought about of zones in the form:
> offa=09officeA
> offb=09officeB
> and so on.
> Some of these zones connected to the internal (eth0), some to the VPN
> (eth1).
> I want to split the zones, because I want to have the traffic from/to the
> offices.
>
> Whats the best way? I''ve read something about to set the
interfaces to
> multi.
> And this could drive me into the wrong road ;-)
>
> Any help is highly appreciated
>
For those interfaces that are associated with multiple zones, don''t
specify a=20
zone in /etc/shorewall/interfaces:

-=09eth0=09

You can then define the zones in the /etc/shorewall/hosts file:

offa=09eth0:10.1.2.0/24
offb=09eth0:192.168.1.0/24
=2E..

-Tom
--=20
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net