psw wrote:
> Dear Friends,
>
> I have been using shorewall for some years.
> I want to set up "shorewall 2" router behind firewall,
> according to this picture:
>
> I am lost at setting up "zone"-s (wifi, lan1, net).
>
> Please help me!
>
> Thanks, psw
>
> net
> |
> |
> SHOREWALL 1 ------- lan 1
> |
> |
> |wifi
> |
> |
> SHOREWALL 2 ------- lan 2
> |
> ---------------- lan 3
>
I'm not quite sure what your confusion is but I'll try to give you some
tips.

Let's assume that:

    net   = eth0 on SHOREWALL 1
    lan 1 = 192.168.1.0/24 (eth1 on SHOREWALL 1)
    wifi  = 192.168.2.0/24 (eth2 on SHOREWALL 1 and eth0 on SHOREWALL 2)
    lan 2 = 192.168.3.0/24 (eth1 on SHOREWALL 2)
    lan 3 = 192.168.4.0/24 (eth2 on SHOREWALL 2)

I'll also assume that SHOREWALL 1 needs to have knowledge of lan 2 and
lan 3 and that SHOREWALL 2 needs to have knowledge of lan 1. You can
remove any definitions that are unnecessary in your environment.

I'll also assume that you have set up your routing properly since
routing is not a Shorewall responsibility.

On SHOREWALL 1

/etc/shorewall/zones (order important)

    net     ...
    lan1    ...
    lan2    ...
    lan3    ...
    wifi    ...

/etc/shorewall/interfaces:

    net     eth0    detect          ...
    lan1    eth1    192.168.1.255
    wifi    eth2    192.168.2.255

/etc/shorewall/hosts:

    lan2    eth2:192.168.3.0/24     ...
    lan3    eth2:192.168.4.0/24     ...

On SHOREWALL 2

/etc/shorewall/zones (order important)

    lan1    ...
    lan2    ...
    lan3    ...
    wifi    ...
    net     ...

/etc/shorewall/interfaces:

    net     eth0    192.168.2.255
    lan2    eth1    192.168.3.255
    lan3    eth2    192.168.4.255

/etc/shorewall/hosts:

    wifi    eth0:192.168.2.0/24
    lan1    eth0:192.168.1.0/24

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
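
Added example, not part of the original post: a small Python model of why the reply marks the zones file "order important" on SHOREWALL 1. It assumes a simplified first-match rule (a zone from the interfaces file matches anything arriving on its interface, a zone from the hosts file matches only its subnet); the `classify` function, `BAD_ORDER` and the sample packets are constructed for illustration.

```python
import ipaddress

# SHOREWALL 1 as described in the reply: interface zones and host (subnet) zones.
INTERFACES = {"net": "eth0", "lan1": "eth1", "wifi": "eth2"}
HOSTS = {"lan2": ("eth2", "192.168.3.0/24"), "lan3": ("eth2", "192.168.4.0/24")}


def classify(zone_order, iface, src):
    """Return the first zone in zone_order that matches (iface, src).

    Simplified model (assumption): a zone from the interfaces file matches
    any source on its interface; a zone from the hosts file matches only
    its subnet on its interface.
    """
    addr = ipaddress.ip_address(src)
    for zone in zone_order:
        if zone in HOSTS:
            h_iface, net = HOSTS[zone]
            if iface == h_iface and addr in ipaddress.ip_network(net):
                return zone
        elif INTERFACES.get(zone) == iface:
            return zone
    return None


GOOD_ORDER = ["net", "lan1", "lan2", "lan3", "wifi"]   # order from the reply
BAD_ORDER = ["net", "lan1", "wifi", "lan2", "lan3"]    # wifi listed too early

# Constructed sample packets: (incoming interface, source address)
SAMPLES = [("eth2", "192.168.3.10"), ("eth2", "192.168.4.7"),
           ("eth2", "192.168.2.50"), ("eth1", "192.168.1.20")]

if __name__ == "__main__":
    for iface, src in SAMPLES:
        print(f"{iface} {src:>13}  good={classify(GOOD_ORDER, iface, src)}"
              f"  bad={classify(BAD_ORDER, iface, src)}")
```

With wifi listed before lan2 and lan3, traffic from those subnets is treated as wifi and would be subject to the wifi policy instead of its own.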