That could have gone smoother. I had many problems with the NFS install on my firewall, then once I got the server back up, mail delivery was broken :-( I still haven't gotten ulogd to run under RH9.0 but everything else seems to be working ok...

-Tom
--
Tom Eastep        \ Shorewall - iptables made easy
Shoreline,         \ http://www.shorewall.net
Washington USA      \ teastep@shorewall.net
Hi,

I've just consolidated my firewall to a RAS/Radius server. My firewall does the dialout at ppp0, and dialin users get ppp1 and up.

I'm using RedHat 8, but am wondering what rules I have to put in place to allow ppp1 ppp2 ppp3 etc access to what they had before.

At the moment what I've done is made a zone for the devices, added their IPs into hosts, made the interface, modified the policy to allow their device out to the internet and modified some rules to do similar. This works, but I'm wondering if there's an easier way to do this since I'll have to do this for each dialup.

My basic setup is:

- Static IP to ISP
- 192.168.23.0 network routed to ISP (it's a real 203 live network).
- 192.168.23.100 assigned to 1st downlink ppp1
- assigned relevant zones, hosts, interfaces, policy and rules to both ppp0 (the net) and ppp1 (the downlink zone).
- I use wvdial to dialout on ppp0
- I use portslave/freeradius to accept dialins.

I only have permanent IPs as downlinks, but I also see issues when it comes to dynamic IPs if required in the future (as the ppp devices are fixed to an IP).

I'm also looking at the possible need to fix ppp0 to the "net" zone and fix "ppp1" to dom1 zone (for domain1.com) and "ppp2" to dom2 zone (for domain2.com). I'm not sure how to do that with Red Hat 8 so any ideas there are also appreciated.

Michael.

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
On Sat, 26 Apr 2003 18:22:15 -0700 (PDT), Michael Mansour <micoots@yahoo.com> wrote:

> My firewall does the dialout at ppp0, and dialin users
> get ppp1 and up.
>
> I'm using RedHat 8, but am wondering what rules I have
> to put in place to allow ppp1 ppp2 ppp3 etc access to
> what they had before.

And we are supposed to guess what that was apparently.

> At the moment what I've done is made a zone for the
> devices, added their IP's into hosts, made the
> interface, modified the policy to allow their device
> out to the internet and modified some rules to do
> similar, this works but I'm wondering if there's an
> easier way to do this since I'll have to do this for
> each dialup.

In general, what I would do is:

/etc/shorewall/zones (order is important):

    net    Internet
    di     Dial Ins

/etc/shorewall/interfaces:

    net    ppp0    ...
    di     ppp*    ...

-Tom
--
Tom Eastep        \ Shorewall - iptables made easy
Shoreline,         \ http://www.shorewall.net
Washington USA      \ teastep@shorewall.net
Hi,

> > My firewall does the dialout at ppp0, and dialin users
> > get ppp1 and up.
> >
> > I'm using RedHat 8, but am wondering what rules I have
> > to put in place to allow ppp1 ppp2 ppp3 etc access to
> > what they had before.
>
> And we are supposed to guess what that was apparently.

Sorry, I don't even know what I meant there, that's the result of too much study, too much work, late nights and the many upgrades I've done recently... so on to the below...

> > At the moment what I've done is made a zone for the
> > devices, added their IP's into hosts, made the
> > interface, modified the policy to allow their device
> > out to the internet and modified some rules to do
> > similar, this works but I'm wondering if there's an
> > easier way to do this since I'll have to do this for
> > each dialup.
>
> In general, what I would do is:
>
> /etc/shorewall/zones (order is important):
>
>     net    Internet
>     di     Dial Ins
>
> /etc/shorewall/interfaces:
>
>     net    ppp0    ...
>     di     ppp*    ...

Excellent, that's what I needed to know, I didn't know you could use ppp*. Thanks.

Michael.

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
On Mon, 28 Apr 2003 16:17:00 -0700 (PDT), Michael Mansour <micoots@yahoo.com> wrote:

>> /etc/shorewall/interfaces:
>>
>>     net    ppp0    ...
>>     di     ppp*    ...
>
> Excellent, that's what I needed to know, I didn't know
> you could use ppp*.

Ooops -- the character is "+", not "*" (as I incorrectly typed).

-Tom
--
Tom Eastep        \ Shorewall - iptables made easy
Shoreline,         \ http://www.shorewall.net
Washington USA      \ teastep@shorewall.net
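Putting Tom's two replies together (ppp0 in the "net" zone, every other pppN in a dial-in zone, with "+" rather than "*" as the interface wildcard), the following is an added example and not code from the thread or from the Shorewall project. It writes a minimal Shorewall 1.4-style set of zones/interfaces/policy/rules files into a directory and adds a small lookup that resolves an interface name to its zone, treating a trailing "+" the way iptables treats it in -i/-o (any suffix). The zone names net/di, the default firewall zone name fw, the policy that lets dial-ins out to the Internet and SSH to the firewall, and the first-match behaviour of the lookup are all assumptions; the lookup only illustrates why the specific ppp0 entry has to come before the ppp+ wildcard, it is not Shorewall's own matching code.

```shell
#!/bin/sh
# Added example (not from the thread or the Shorewall project):
# "ppp0 is the upstream link, every other pppN is a dial-in user".
# Assumptions: zone names net/di, Shorewall's default firewall zone "fw",
# Shorewall 1.4-era column layout, dial-ins may reach the Internet and
# SSH to the firewall, everything else is dropped/rejected and logged.

write_shorewall_config() {
    # $1 = directory to write into (/etc/shorewall on a real box)
    dir=$1
    mkdir -p "$dir"

    # zones: Tom notes the order is important; here net is listed first.
    cat > "$dir/zones" <<'EOF'
#ZONE   DISPLAY         COMMENTS
net     Internet        Upstream link on ppp0
di      DialIns         RAS/RADIUS dial-in users on ppp1 and up
EOF

    # interfaces: a trailing "+" is the wildcard (as in iptables -i ppp+),
    # not "*". Note that ppp+ also matches ppp0, so ppp0 is listed first.
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     ppp0            -
di      ppp+            -
EOF

    # policy (assumed): dial-ins out to the Internet, the firewall itself
    # may go anywhere, nothing unsolicited in from net.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG LEVEL
di      net     ACCEPT
fw      all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF

    # rules (assumed): the one exception to the policies above.
    cat > "$dir/rules" <<'EOF'
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  di      fw      tcp     22
EOF
}

shorewall_iface_zone() {
    # $1 = config dir, $2 = interface name (e.g. ppp3)
    # Prints the zone of the first interfaces entry that matches $2,
    # treating a trailing "+" as "any suffix". First match wins in this
    # lookup (an assumption used to illustrate the ordering point only).
    while read -r zone iface rest; do
        case "$zone" in ''|'#'*) continue ;; esac   # skip blank/comment lines
        case "$iface" in
            *+) pattern="${iface%+}*" ;;            # ppp+ -> shell glob ppp*
            *)  pattern=$iface ;;                   # exact interface name
        esac
        # $pattern is deliberately unquoted so the shell uses it as a glob
        case "$2" in
            $pattern) printf '%s\n' "$zone"; return 0 ;;
        esac
    done < "$1/interfaces"
    return 1    # interface belongs to no zone
}

# Demo: write the files into a scratch directory and resolve a few names.
demo_dir=$(mktemp -d)
write_shorewall_config "$demo_dir"
for i in ppp0 ppp1 ppp7 eth0; do
    printf '%-5s -> %s\n' "$i" "$(shorewall_iface_zone "$demo_dir" "$i" || echo none)"
done
rm -rf "$demo_dir"
```

Running the demo prints ppp0 as net, ppp1 and ppp7 as di, and eth0 as none. Swapping the two interfaces lines would put ppp0 into di as well, because ppp+ matches ppp0 too, which is the practical reason the specific entry is listed first.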