Hello!

How do I do it if I want 2 NICs in the same zone?

/Rickard Eriksson
On Sat, 8 Jun 2002, Rickard Eriksson wrote:

> Hello!
>
> How do I do it if I want 2 NICs in the same zone?
>

Just put two entries in /etc/shorewall/interfaces:

z eth1 <bcast> <options>
z eth2 <bcast> <options>

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
At 6/8/2002 06:40 PM, Tom Eastep wrote:

> On Sat, 8 Jun 2002, Rickard Eriksson wrote:
>
> > Hello!
> >
> > How do I do it if I want 2 NICs in the same zone?
> >
>
> Just put two entries in /etc/shorewall/interfaces:
>
> z eth1 <bcast> <options>
> z eth2 <bcast> <options>
>
> -Tom

So is this valid?

adm eth1 <bcast> <options>
fin eth2 <bcast> <options>
loc eth1 <bcast> <options>
loc eth2 <bcast> <options>

I.e., when I want to create a rule specific to 'adm' or 'fin', I use either 'adm' or 'fin'.
When I want to create a rule that applies to both zones, instead of creating 2 rules, I just use 'loc' in 1 rule.

Is it correct or is there another way to do this?

Thanks
-Gilson
On Sat, 8 Jun 2002, Gilson Soares wrote:

> > Just put two entries in /etc/shorewall/interfaces:
> >
> > z eth1 <bcast> <options>
> > z eth2 <bcast> <options>
> >
> > -Tom
>
> So is this valid?
>
> adm eth1 <bcast> <options>
> fin eth2 <bcast> <options>
> loc eth1 <bcast> <options>
> loc eth2 <bcast> <options>
>
> I.e., when I want to create a rule specific to 'adm' or 'fin', I use either
> 'adm' or 'fin'.
> When I want to create a rule that applies to both zones, instead of creating 2
> rules, I just use 'loc' in 1 rule.
>
> Is it correct or is there another way to do this?
>

I haven't a clue what you are trying to do with the above configuration. If eth1 and eth2 interface to multiple zones then what the Shorewall model suggests is:

- eth1 <bcast> <options>
- eth2 <bcast> <options>

Then in the /etc/shorewall/hosts file:

adm eth1:<subnet1> <option>
fin eth2:<subnet2> <option>
loc eth1:0.0.0.0/0 <option>
loc eth2:0.0.0.0/0 <option>

This presumes that 'adm' and 'fin' are both subnets of 'loc' on their respective interfaces.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
At 6/9/2002 12:11 AM, Tom Eastep wrote:

> On Sat, 8 Jun 2002, Gilson Soares wrote:
>
> > > Just put two entries in /etc/shorewall/interfaces:
> > >
> > > z eth1 <bcast> <options>
> > > z eth2 <bcast> <options>
> > >
> > > -Tom
> >
> > So is this valid?
> >
> > adm eth1 <bcast> <options>
> > fin eth2 <bcast> <options>
> > loc eth1 <bcast> <options>
> > loc eth2 <bcast> <options>
> >
> > I.e., when I want to create a rule specific to 'adm' or 'fin', I use either
> > 'adm' or 'fin'.
> > When I want to create a rule that applies to both zones, instead of
> > creating 2
> > rules, I just use 'loc' in 1 rule.
> >
> > Is it correct or is there another way to do this?
> >
>
> I haven't a clue what you are trying to do with the above configuration.

In fact I have eth0 (to Internet) and 3 different subnets:

adm - eth1:10.0.0.0/24
fin - eth2:192.168.0.0/24
it  - eth3:172.16.0.0/24

I have some rules that apply to only one subnet:

ACCEPT it net tcp ssh

But there are some situations where I have a rule (in fact three) that applies to all internal zones.

ACCEPT adm net tcp http
ACCEPT fin net tcp http
ACCEPT it  net tcp http

My thought was to have only one rule:

ACCEPT loc net tcp http

It's like 'loc' being an alias to 'adm', 'fin' and 'it'.
I can make the rules file shorter and cleaner.

Thanks
-Gilson

> If eth1 and eth2 interface to multiple zones then what the Shorewall model
> suggests is:
>
> - eth1 <bcast> <options>
> - eth2 <bcast> <options>
>
> Then in the /etc/shorewall/hosts file:
>
> adm eth1:<subnet1> <option>
> fin eth2:<subnet2> <option>
> loc eth1:0.0.0.0/0 <option>
> loc eth2:0.0.0.0/0 <option>
>
> This presumes that 'adm' and 'fin' are both subnets of 'loc' on their
> respective interfaces.
On Sun, 9 Jun 2002, Gilson Soares wrote:

> At 6/9/2002 12:11 AM, Tom Eastep wrote:
> > On Sat, 8 Jun 2002, Gilson Soares wrote:
> >
> > > > Just put two entries in /etc/shorewall/interfaces:
> > > >
> > > > z eth1 <bcast> <options>
> > > > z eth2 <bcast> <options>
> > > >
> > > > -Tom
> > >
> > > So is this valid?
> > >
> > > adm eth1 <bcast> <options>
> > > fin eth2 <bcast> <options>
> > > loc eth1 <bcast> <options>
> > > loc eth2 <bcast> <options>
> > >
> > > I.e., when I want to create a rule specific to 'adm' or 'fin', I use either
> > > 'adm' or 'fin'.
> > > When I want to create a rule that applies to both zones, instead of
> > > creating 2
> > > rules, I just use 'loc' in 1 rule.
> > >
> > > Is it correct or is there another way to do this?
> > >
> >
> > I haven't a clue what you are trying to do with the above configuration.
>
> In fact I have eth0 (to Internet) and 3 different subnets:
>
> adm - eth1:10.0.0.0/24
> fin - eth2:192.168.0.0/24
> it  - eth3:172.16.0.0/24
>
> I have some rules that apply to only one subnet:
>
> ACCEPT it net tcp ssh
>
> But there are some situations where I have a rule (in fact three) that applies to
> all internal zones.
>
> ACCEPT adm net tcp http
> ACCEPT fin net tcp http
> ACCEPT it  net tcp http
>
> My thought was to have only one rule:
>
> ACCEPT loc net tcp http
>
> It's like 'loc' being an alias to 'adm', 'fin' and 'it'.
> I can make the rules file shorter and cleaner.
>

Then in your policy file, you want:

adm net CONTINUE
fin net CONTINUE

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
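The configuration the thread converges on, written out end to end as an added example (not from the list posts or from the Shorewall project); it extends Tom's two-zone answer to all three of Gilson's subnets, including 'it' on eth3. Assumed, not from the thread: BROADCAST set to detect, empty interface OPTIONS, and the DROP/REJECT catch-all policies; the subnets, zone names and the two rules are the ones Gilson posted.

```text
# /etc/shorewall/zones  (sub-zones adm/fin/it listed before their parent loc,
# since Shorewall processes zones in file order)
#ZONE   DISPLAY     COMMENTS
net     Net         Internet (eth0)
adm     Adm         administration subnet, sub-zone of loc
fin     Fin         finance subnet, sub-zone of loc
it      IT          IT subnet, sub-zone of loc
loc     Local       all three internal subnets together

# /etc/shorewall/interfaces  ("-" in ZONE: zone membership comes from hosts)
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
-       eth1        detect
-       eth2        detect
-       eth3        detect

# /etc/shorewall/hosts  (each subnet is its own zone AND part of loc)
#ZONE   HOST(S)                 OPTIONS
adm     eth1:10.0.0.0/24
fin     eth2:192.168.0.0/24
it      eth3:172.16.0.0/24
loc     eth1:0.0.0.0/0
loc     eth2:0.0.0.0/0
loc     eth3:0.0.0.0/0

# /etc/shorewall/policy  (first match wins; CONTINUE means "no decision yet",
# so adm/fin/it -> net traffic not matched by a zone-specific rule falls
# through to the loc -> net rules instead of being dropped here)
#SOURCE DEST    POLICY      LOG LEVEL
adm     net     CONTINUE
fin     net     CONTINUE
it      net     CONTINUE
loc     net     DROP        info
net     all     DROP        info
all     all     REJECT      info

# /etc/shorewall/rules  (one http rule for all internal zones, one ssh rule for it only)
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  it      net     tcp     ssh
ACCEPT  loc     net     tcp     http
```

Without the CONTINUE lines the adm->net policy would be evaluated and, with a DROP catch-all, the 'loc' http rule would never be reached for hosts in 'adm'.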