Greetings

My Linux box has three NICs in it. They are assigned as follows:

Eth0 - dsl modem
Eth1 - 192.168.0.0/24
Eth2 - 192.168.10.0/24

Eth1 goes to a local lan, which has a handful of computers. Eth2 goes to another lan, with another handful of computers, which is completely separate from eth1.

My question is, how do I get eth1 and eth2 to talk to each other so eth1 computers can access eth2 computers? I browsed around on the Shorewall site. The solution I saw is that I would need to create a bridge between eth1 and eth2, is this correct? Or is there a better way to do this?

---
Aaron Axelsen
Email: axelseaa@amadmax.com

Aaron Axelsen said:
> My question is, how do I get eth1 and eth2 to talk to each other so
> eth1 computers can access eth2 computers? I browsed around on the
> Shorewall site. The solution I saw is that I would need to create a
> bridge between eth1 and eth2, is this correct? Or is there a better
> way to do this?

I think that the best way is to create 2 zones, lan1 and lan2, with rules to permit lan1 to communicate with lan2 and vice versa, and rules to let lan1 and lan2 connect to the DSL.

Ciao
sc

--
Stefano Canepa e-mail: sc@linux.it
http://www.stefanocanepa.it

Can you elaborate on that?

---
Aaron Axelsen
Email: axelseaa@amadmax.com

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net On Behalf Of Stefano Canepa
Sent: Monday, March 29, 2004 1:13 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] To Bridge or not to bridge?

> I think that the best way is to create 2 zones, lan1 and lan2, with
> rules to permit lan1 to communicate with lan2 and vice versa, and
> rules to let lan1 and lan2 connect to the DSL.

On Mon, 2004-03-29 at 01:39 -0600, Aaron Axelsen wrote:
> Can you elaborate on that?
>
> > I think that the best way is to create 2 zones, lan1 and lan2, with
> > rules to permit lan1 to communicate with lan2 and vice versa, and
> > rules to let lan1 and lan2 connect to the DSL.

Bridging is not what you want in this case. It sounds right, but it's not your solution. As Stefano mentioned, you want to have two zones for your internal networks and use rules or a policy to enable the traffic between them. Your config might look something like:

    interfaces:
        net   eth0
        lan1  eth1
        lan2  eth2

    policy:
        lan1  lan2  ACCEPT
        lan2  lan1  ACCEPT

That would permit all traffic between lan1 and lan2. If you want that more granular, use rules.

--
David T Hollis <dhollis@davehollis.com>

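The difference between the blanket lan1/lan2 ACCEPT policy above and the "more granular, use rules" option, as an added example that is not part of the original thread: a simplified Python model of how a new connection between zones gets its verdict (first matching rule, otherwise first matching policy line). The config text, the REJECT catch-all and the ports are constructed for illustration.

```python
# Simplified model of zone-based verdicts: rules are checked first, then the
# policy lines in order. All config text below is constructed sample input.

POLICY_OPEN = """
lan1 lan2 ACCEPT     # blanket policy from the thread
lan2 lan1 ACCEPT
all  all  REJECT     # assumed catch-all
"""

# Granular variant: no inter-LAN policy, so lan1<->lan2 falls to the catch-all
# and only the services listed as rules are opened (ports are illustrative).
POLICY_TIGHT = """
lan1 net  ACCEPT
lan2 net  ACCEPT
all  all  REJECT
"""
RULES_TIGHT = """
# ACTION SOURCE DEST PROTO DPORT
ACCEPT   lan1   lan2 tcp   22
ACCEPT   lan1   lan2 tcp   445
"""

def parse(text):
    """Split config text into column lists, skipping blanks and # comments."""
    rows = []
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            rows.append(cols)
    return rows

def zone_match(pattern, zone):
    return pattern == "all" or pattern == zone

def verdict(policy_text, rules_text, src, dst, proto, dport):
    """Return the action applied to a new src -> dst connection."""
    for action, r_src, r_dst, r_proto, r_ports in parse(rules_text):
        ports = {int(p) for p in r_ports.split(",")}
        if (zone_match(r_src, src) and zone_match(r_dst, dst)
                and r_proto == proto and dport in ports):
            return action
    for p_src, p_dst, action, *_ in parse(policy_text):
        if zone_match(p_src, src) and zone_match(p_dst, dst):
            return action
    return "REJECT"  # assumption: refuse when no policy line matches

if __name__ == "__main__":
    for port in (22, 3389):
        print(port, verdict(POLICY_OPEN, "", "lan1", "lan2", "tcp", port),
              verdict(POLICY_TIGHT, RULES_TIGHT, "lan1", "lan2", "tcp", port))
```
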
Aaron Axelsen wrote:
> Can you elaborate on that?

Aaron,

Look at the two-interface QuickStart Guide's last section about adding a wireless segment to the standard two-interface setup. That setup will work in your environment as well (bridging would require that you re-subnet).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Thanks, works like a champ

---
Aaron Axelsen
Email: axelseaa@amadmax.com

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net On Behalf Of Tom Eastep
Sent: Monday, March 29, 2004 8:48 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] To Bridge or not to bridge?

> Look at the two-interface QuickStart Guide's last section about adding
> a wireless segment to the standard two-interface setup. That setup will
> work in your environment as well (bridging would require that you
> re-subnet).