On Wed, 2003-07-09 at 09:04, Jonas Anderson wrote:
> GAAAAH!! :-(
>
> Why? Please help me understand why. I've come to love the simplicity of
> Shorewall and now I can't get it up and running as I anticipated. *SIGH*
>
> Is it the lack of IP-addresses on the interfaces that's the problem? I mean
> IP-tables is working and as far as I've understood it Shorewall is just
> another way of describing the rules for iptables. More or less a script
> translating simple rules into advanced iptables rules, right?
The problem is that Shorewall was written based on the netfilter
environment for Layer 3 firewalling. The Layer 2 environment has little
in common with the environment that Shorewall assumes.
>
> Well what shall I do now...?? Is there any other firewall package that's
> similar to Shorewall that might work? As far as I can remember I thought you
> said somewhere that http://leaf-project.org/ had done something like a
> bridging firewall with Shorewall, or did I misunderstand?
>
There was someone looking at this but the conclusion was that any
product that did L2 firewalling under Linux would NOT be a variant of
Shorewall.
Your only hope of using Shorewall would be to use ProxyARP -- that works
like a bridge except that because it works at Layer 3, it doesn't pass
broadcast packets.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net