On Wednesday 11 September 2002 03:48 pm, Alex Martin wrote:
> Hello,
>
> I have recently had the opportunity to put one server in a nice colo
> facility.
> This means 1 network interface.
>
> I would like to have multiple IPs on this server, with various services
> firewalled to different IPs.
>
> With one IP, I can write rules like so:
>
> ACCEPT net fw ftp,www,mail
>
> With multiple IPs, then I would imagine initially:
>
> ACCEPT net fw:2.2.2.2 ftp
> ACCEPT net fw:2.2.2.3 www
> ACCEPT net fw:2.2.2.4 mail
>
> But, due to the nature of the fw zone as I understand it, I do not think
> this will work.

It does!

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

On Wednesday 11 September 2002 03:39 pm, Tom Eastep wrote:
> On Wednesday 11 September 2002 03:48 pm, Alex Martin wrote:
> > Hello,
> >
> > I have recently had the opportunity to put one server in a nice colo
> > facility.
> > This means 1 network interface.
> >
> > I would like to have multiple IPs on this server, with various services
> > firewalled to different IPs.
> >
> > With one IP, I can write rules like so:
> >
> > ACCEPT net fw ftp,www,mail
> >
> > With multiple IPs, then I would imagine initially:
> >
> > ACCEPT net fw:2.2.2.2 ftp
> > ACCEPT net fw:2.2.2.3 www
> > ACCEPT net fw:2.2.2.4 mail
> >
> > But, due to the nature of the fw zone as I understand it, I do not think
> > this will work.
>
> It does!
>

But of course, you have to use correct syntax:

ACCEPT net fw:2.2.2.2 tcp ftp
ACCEPT net fw:2.2.2.3 tcp www
ACCEPT net fw:2.2.2.4 tcp mail

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

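Added example (not part of the messages in this thread and not Shorewall's own code): a small Python check for the mistake corrected in the reply above, a service name sitting where the protocol belongs. It assumes the rules-file column order ACTION SOURCE DEST PROTO DEST-PORT(S); parse_rule and lint_rule are hypothetical helper names.

```python
# Added example: lint Shorewall rules lines for a service name in the PROTO column.
# Assumed column order: ACTION SOURCE DEST PROTO DEST-PORT(S).
COLUMNS = ("action", "source", "dest", "proto", "dport")
PROTOCOLS = {"tcp", "udp", "icmp", "all"}  # numeric protocol IDs also pass


def parse_rule(line):
    """Split one rules line into named columns; None for blanks and comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    rule = dict(zip(COLUMNS, line.split()))
    # DEST is either a zone or zone:address, e.g. fw:2.2.2.2
    zone, _, addr = rule.get("dest", "").partition(":")
    rule["dest_zone"], rule["dest_addr"] = zone, addr or None
    return rule


def lint_rule(line):
    """Return the problems found in one rules line (empty list means OK)."""
    rule = parse_rule(line)
    if rule is None:
        return []
    proto = rule.get("proto")
    if proto is None:
        return ["no PROTO column"]
    if proto.lower() not in PROTOCOLS and not proto.isdigit():
        return [f"PROTO column holds {proto!r}; expected e.g. 'tcp {proto}'"]
    return []


# Rule lines quoted from the thread: two as originally asked, one as corrected.
SAMPLE = """\
ACCEPT net fw:2.2.2.2 ftp
ACCEPT net fw:2.2.2.3 www
ACCEPT net fw:2.2.2.4 tcp mail
"""

if __name__ == "__main__":
    for n, line in enumerate(SAMPLE.splitlines(), 1):
        rule, problems = parse_rule(line), lint_rule(line)
        status = "; ".join(problems) or "ok"
        print(f"{n}: dest={rule['dest_addr']} -> {status}")
```
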
Hello,

I have recently had the opportunity to put one server in a nice colo
facility.
This means 1 network interface.

I would like to have multiple IPs on this server, with various services
firewalled to different IPs.

With one IP, I can write rules like so:

ACCEPT net fw ftp,www,mail

With multiple IPs, then I would imagine initially:

ACCEPT net fw:2.2.2.2 ftp
ACCEPT net fw:2.2.2.3 www
ACCEPT net fw:2.2.2.4 mail

But, due to the nature of the fw zone as I understand it, I do not think
this will work.

I am sure there is a way for Shorewall to do this but I do not see how right
off the bat.

Any ideas?

Thanks,
alex@rettconsulting.com