Hi,
I am using Shorewall 1.3.14-1
I have 3 network cards in my linux machine and 2 LANs:
Eth0 net 209.181.237.233/255.255.255.248
Eth1 LAN1 192.168.0.0/24
Eth2 LAN2 10.0.0.0/24
I want LAN1 and LAN2 to have net access, but I want to keep LAN1 and LAN2
separated from each other. I do want LAN1 and LAN2 to have access to the fw
on selected ports such as 25,110, but LAN2 should have more privileges than
LAN1, so I wish to keep them in separate zones, also to keep LAN1 and LAN2
separated from each other.
I have the following (simplified) configuration:
Zones:
  Net Internet
  L1 LAN1
  L2 LAN2
Interfaces:
  Eth0 Net norfc1918
  Eth1 L1
  Eth2 L2
Masq:
  Eth0 Eth1
  Eth0 Eth2
Policy:
  Fw Net ACCEPT
  L1 Net ACCEPT
  L2 Net ACCEPT
  L2 Fw ACCEPT #L2 is trusted lan with samba, L1 is not
  Fw L2 ACCEPT
  Net All DROP
  All All REJECT
Rules:
  ACCEPT Net Fw tcp 22,25,80,110
  ACCEPT L1 Fw tcp 25,110
This however seems not to work. L1 is always denied access to the fw under
the All2All policy. I cannot connect to 10.0.0.1 (eth2) from L1, and neither
can I connect to the fw from the outside (but that does work if I take L1
out of all my configuration).
What am I doing wrong? I am sure the norfc1918 is the problem, but then why
does L2 to Fw work via Fw's external ip (eth0)?
Also, aside from my configuration, how is my Net, L1, L2 setup, with L1 and L2
kept separated (separate hubs obviously), best accomplished? Please
help as I need to get this flying today. CC to shorewall at incisoft
dot com if you can.
Fonz
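An added example, not part of Fonz's post, of how the three-zone layout described above (two masqueraded LANs that may not talk to each other, one of them with more access to the firewall than the other) can be expressed in the standard Shorewall 1.3 configuration files. It assumes lowercase zone names net/loc1/loc2, the default firewall zone name fw, and the column layout of the 1.3 zones, interfaces, masq, policy and rules files; broadcast addresses are left to "detect".

```shorewall
# /etc/shorewall/zones  (ZONE  DISPLAY  COMMENTS)
# Zone names in 1.3 are at most 5 characters; "fw" is the firewall itself.
net     Net     Internet (eth0)
loc1    LAN1    192.168.0.0/24 on eth1, untrusted
loc2    LAN2    10.0.0.0/24 on eth2, trusted (samba)

# /etc/shorewall/interfaces  (ZONE  INTERFACE  BROADCAST  OPTIONS)
# norfc1918 only filters packets arriving on eth0 whose source is a
# private (RFC 1918) address; it does not touch traffic entering on
# eth1 or eth2.
net     eth0    detect  norfc1918
loc1    eth1    detect
loc2    eth2    detect

# /etc/shorewall/masq  (INTERFACE  SUBNET)
# Both LANs are NATed behind eth0; nothing here lets them reach each other.
eth0    eth1
eth0    eth2

# /etc/shorewall/policy  (SOURCE  DEST  POLICY  LOG LEVEL)
# Policies are consulted only when no rule matches, and the first matching
# line wins, so the two catch-alls must stay last.
loc1    net     ACCEPT
loc2    net     ACCEPT
loc2    fw      ACCEPT
fw      loc2    ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info    # catches loc1->fw, loc1->loc2, loc2->loc1

# /etc/shorewall/rules  (ACTION  SOURCE  DEST  PROTO  DEST PORT(S))
# Rules are evaluated before policies, so these are the only holes
# punched through the two catch-all policies above.
ACCEPT  net     fw      tcp     22,25,80,110
ACCEPT  loc1    fw      tcp     25,110
```

Logging the two catch-all policies makes a rejected loc1 connection appear in the kernel log with the chain that dropped it, which is the quickest way to confirm which policy actually caught the traffic.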