G. Walsh
2004-Jul-07 02:29 UTC
Correctly establishing for two ethernet connections plus a lan
I have attached the present system setup as requested. This is a Mandrake 10.1 system, and the /etc/shorewall files excerpted are exactly those set up when I requested the firewall with connectivity for web, dns, ssh and mail servers along with bittorrent services. However, on a restart, shorewall informed me that eth2:10 was invalid. I therefore manually removed all the aliased subsets for eth2 and was able to restart OK. Presumably, Mandrake overlooked this???

The second of 2 static IPs (eth1) is intended to handle only ssh traffic for the secure functions of the web pages. I note this was set up as a 'loc' whereas I perhaps would have defined it as 'net', but I am ignorant of the implications. Forwarding is enabled now (in /etc/sysctl.conf0), but beyond that nothing else has been changed.

Also, is it required that I establish the individual hosts forming the lan in shorewall's hosts file? (This is all being done with the idea of making it pretty straightforward to move individual hosts to a colo when the development is completed and production is possible.)

I am hoping that this config will isolate the encrypted/secure traffic, but I just don't appreciate the requirements in the setting up of the iptables. I'm sure it's simple enough (they are the kinds of problems I cannot solve!!!), but I want to get it correct. I am so mind-blown with snat and dat and dnat and masquerade etc. that I feel I'm at the point of moving backward. A couple of gentle nudges would be very much appreciated.

George

--
G. Walsh, Managing Director, DSC Directional Services Corp., Victoria, B.C., Canada
Tom Eastep
2004-Jul-07 03:39 UTC
Re: Correctly establishing for two ethernet connections plus a lan
G. Walsh wrote:
> I have attached the present system setup as requested.

I've looked at your configuration and I still have no idea what you are trying to do. So please try to describe what problem you are attempting to solve with Shorewall.

a) What are the networks connected to the Shorewall box (on the three NICs)?
b) What are the services that are offered, and to which hosts/networks are they offered?
c) Where do these servers run, and what IP address is each of them bound to?

Your question about IP aliases (e.g., eth0:10) is hopefully answered at http://shorewall.net/Shorewall_and_Aliased_Interfaces.html.

-Tom

--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Tom Eastep
2004-Jul-07 03:57 UTC
Re: Correctly establishing for two ethernet connections plus a lan
Tom Eastep wrote:
> G. Walsh wrote:
>
>> I have attached the present system setup as requested.
>>
>
> I've looked at your configuration and I still have no idea what you are
> trying to do. So please try to describe what problem you are attempting
> to solve with Shorewall.
>
> a) What are the networks connected to the Shorewall box (on the three
> NICs)?
> b) What are the services that are offered and to which hosts/networks
> are they offered.
> c) Where do these servers run and what IP address they are each of them
> bound to?

Also, what is each NIC connected to? Are two of them connected to the same HUB/Switch (ignoring the numerous warnings in the Shorewall documentation about such a configuration)?

-Tom

--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net