Hi all,
I am really new to shorewall. I have installed it but have still not
configured it, as I am studying all the docs.
I have a question about the two-interface configuration
modification proposed for PPTP client on firewall and PPTP server on
modem. I saw that I need to add an interface in /etc/shorewall/interfaces
for eth0, so I think I need to write an interfaces file like this:

net     ppp0    detect          routefilter,norfc1918
loc     eth1    detect
modem   eth0    192.168.1.255

Is it right?

I would like to connect eth1 to the internal LAN, leave eth0 connected only
to the ADSL modem and have routing (masquerading) between eth1 and eth0.

Physical connections:

  internal LAN               modem LAN               internet
          eth1 |-----------| eth0       |------------|
   ------------| firewall  |------------| adsl modem |---------
               |-----------|            |------------|

Logical connections:

  internal LAN               internet
          eth1 |-----------| ppp0
   ------------| firewall  |-----------
               |-----------|

TIA
Stefano

-- 
Stefano Canepa e-mail: sc@linux.it
To follow the path: look at the master, follow the master,
walk with the master, see through the master, become the master.
http://www.stefanocanepa.it - http://www.linux.it/~sc

On Fri, 2003-08-29 at 02:26, Stefano Canepa wrote:
> Hi all,
> I am really new to shorewall. I have installed it but have still not
> configured it, as I am studying all the docs.
> I have a question about the two-interface configuration
> modification proposed for PPTP client on firewall and PPTP server on
> modem. I saw that I need to add an interface in /etc/shorewall/interfaces
> for eth0, so I think I need to write an interfaces file like this:
>
> net     ppp0    detect          routefilter,norfc1918
> loc     eth1    detect
> modem   eth0    192.168.1.255
>
> Is it right?

Yes.

-Tom
-- 
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,      \ http://shorewall.net
Washington USA   \ teastep@shorewall.net

On Friday 29 August 2003 05:56 am, Tom Eastep wrote:
> On Fri, 2003-08-29 at 02:26, Stefano Canepa wrote:
> > Hi all,
> > I am really new to shorewall. I have installed it but have still not
> > configured it, as I am studying all the docs.
> > I have a question about the two-interface configuration
> > modification proposed for PPTP client on firewall and PPTP server on
> > modem. I saw that I need to add an interface in /etc/shorewall/interfaces
> > for eth0, so I think I need to write an interfaces file like this:
> >
> > net     ppp0    detect          routefilter,norfc1918
> > loc     eth1    detect
> > modem   eth0    192.168.1.255
> >
> > Is it right?
>
> Yes.
>
> -Tom

Why is the eth0 interface needed, Tom?

I've been running without it (ver 1.3) at our ADSL site in
Australia with no problems... (I'm reluctant to change it
since it's just a tad beyond my reach...)

My interfaces file lists only
net     ppp0    -       dhcp,routefilter,blacklist,norfc1918
loc     eth1    detect  dhcp

-- 
John Andersen - NORCOM
http://www.norcomsoftware.com/

On Fri, 2003-08-29 at 11:00, John Andersen wrote:
> On Friday 29 August 2003 05:56 am, Tom Eastep wrote:
> > On Fri, 2003-08-29 at 02:26, Stefano Canepa wrote:
> > > Hi all,
> > > I am really new to shorewall. I have installed it but have still not
> > > configured it, as I am studying all the docs.
> > > I have a question about the two-interface configuration
> > > modification proposed for PPTP client on firewall and PPTP server on
> > > modem. I saw that I need to add an interface in /etc/shorewall/interfaces
> > > for eth0, so I think I need to write an interfaces file like this:
> > >
> > > net     ppp0    detect          routefilter,norfc1918
> > > loc     eth1    detect
> > > modem   eth0    192.168.1.255
> > >
> > > Is it right?
> >
> > Yes.
> >
> > -Tom
>
> Why is the eth0 interface needed, Tom?
>
> I've been running without it (ver 1.3) at our ADSL site in
> Australia with no problems... (I'm reluctant to change it
> since it's just a tad beyond my reach...)
>
> My interfaces file lists only
> net     ppp0    -       dhcp,routefilter,blacklist,norfc1918
> loc     eth1    detect  dhcp

First of all, this thread is dealing with the case where there is a PPTP
tunnel between the Shorewall box and the modem, which is rather unusual.
If the PPTP session needs to be restarted after Shorewall is running, or
if there is a desire to access the modem's internal web server, then the
ethernet interface to the modem must be defined to Shorewall.

-Tom
-- 
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,      \ http://shorewall.net
Washington USA   \ teastep@shorewall.net

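The Shorewall files implied by the answer above, written out as an added example that is not part of the thread or of the Shorewall documentation. Assumptions: `<modem-ip>` is a placeholder for the modem's LAN address, the column layouts are those of Shorewall releases from the period of this thread (check them against the documentation for the installed version), and the eth0 masquerade entry assumes the modem has no route back to the internal LAN.

```conf
# Added example; <modem-ip> is a placeholder, not a value from the thread.

# /etc/shorewall/zones -- the extra zone must be declared before use
#ZONE    DISPLAY    COMMENTS
modem    Modem      ADSL modem reached over eth0

# /etc/shorewall/interfaces -- as posted in the thread
#ZONE    INTERFACE  BROADCAST       OPTIONS
net      ppp0       detect          routefilter,norfc1918
loc      eth1       detect
modem    eth0       192.168.1.255

# /etc/shorewall/tunnels -- lets the firewall (re)start the PPTP session
# to the modem while Shorewall is running (TCP 1723 plus GRE, protocol 47)
#TYPE        ZONE    GATEWAY
pptpclient   modem   <modem-ip>

# /etc/shorewall/masq -- LAN traffic leaves via ppp0; the eth0 entry is
# only needed so LAN hosts can reach the modem itself (assumption above)
#INTERFACE   SUBNET
ppp0         eth1
eth0         eth1

# /etc/shorewall/rules -- reach the modem's internal web server from the LAN
#ACTION  SOURCE  DEST   PROTO  DEST PORT(S)
ACCEPT   loc     modem  tcp    80
```

Without the `modem` zone on eth0, traffic between the firewall and the modem matches no defined zone, which is why the interface has to be declared for the two cases Tom names.
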
Friday 29 August 2003, at 06:56, Tom Eastep:
: On Fri, 2003-08-29 at 02:26, Stefano Canepa wrote:
: > Hi all,
: > I am really new to shorewall. I have installed it but have still not
: > configured it, as I am studying all the docs.
: > I have a question about the two-interface configuration
: > modification proposed for PPTP client on firewall and PPTP server on
: > modem. I saw that I need to add an interface in /etc/shorewall/interfaces
: > for eth0, so I think I need to write an interfaces file like this:
: >
: > net     ppp0    detect          routefilter,norfc1918
: > loc     eth1    detect
: > modem   eth0    192.168.1.255
: >
: > Is it right?
:
: Yes.
:

So packets going from a PC connected on the internal LAN to the Internet will
go from eth1 to ppp0 and packets going the other way will go from eth1
to ppp0. Eth0 is left only to go to the modem to set it up.

If this is right, shorewall is the first package managing iptables the
way I like, and I was unable to do this using plain iptables.

Stefano

-- 
Stefano Canepa e-mail: sc@linux.it
To follow the path: look at the master, follow the master,
walk with the master, see through the master, become the master.
http://www.stefanocanepa.it - http://www.linux.it/~sc