Hi

I would like to use shorewall for my bridge firewall.

I just read the howto http://www.shorewall.net/bridge.html

But in this howto there is only one net behind the bridge and I have
two nets behind my bridge.

Can I use shorewall with two nets behind the bridge?

Thanks in advance.

roberto

--
Ing. Roberto Pereyra
ContenidosOnline
BSD, Solaris and Linux servers
ISP technical support
Jabber ID: rpereyra@lugmen.org.ar

On Saturday 22 April 2006 13:48, Roberto Pereyra wrote:
> Hi
>
> I would like to use shorewall for my bridge firewall.
>
> I just read the howto http://www.shorewall.net/bridge.html
>
> But in this howto there are only one net behind the bridge and have
> two nets behind my bridge.
>
> Can I use shorewall with two nets behind the bridge.
>

If you mean "two LANs behind the bridge" then Yes -- just set up a three-port
bridge.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

> If you mean "two LANs behind the bridge" then Yes -- just set up a three-port

Hi !

Three-port means a bridge with three ethernet cards or I can define
all with only the shorewall setup and two ethernet cards?

Now I have my bridge with two ethernet cards.

Thanks in advance.

roberto

2006/4/22, Tom Eastep <teastep@shorewall.net>:
> On Saturday 22 April 2006 13:48, Roberto Pereyra wrote:
> > Hi
> >
> > I would like to use shorewall for my bridge firewall.
> >
> > I just read the howto http://www.shorewall.net/bridge.html
> >
> > But in this howto there are only one net behind the bridge and have
> > two nets behind my bridge.
> >
> > Can I use shorewall with two nets behind the bridge.
> >
>
> If you mean "two LANs behind the bridge" then Yes -- just set up a three-port
> bridge.
>
> -Tom

Roberto Pereyra wrote:
>> If you mean "two LANs behind the bridge" then Yes -- just set up a
>> three-port
>
> Hi !
>
> Three-port means a bridge with three ethernet cards or I can define
> all with only the shorewall setup and two ethernet cards?
>
> Now I have my bridge with two ethernet cards.

Then I don't understand your configuration.

-Tom

My router before the bridge manages two networks.

200.63..../24

and

200.117..../24

The question is if I can use only 2 nics (like now) with shorewall.

Can I use:

/etc/shorewall/hosts

#ZONE   HOST(S)                     OPTIONS
net     br0:eth0
loc1    br0:eth1:200.117..../24
loc2    br0:eth1:200.63..../24

Does this setup work?

roberto

2006/4/28, Tom Eastep <teastep@shorewall.net>:
> Roberto Pereyra wrote:
> >> If you mean "two LANs behind the bridge" then Yes -- just set up a
> >> three-port
> >
> > Hi !
> >
> > Three-port means a bridge with three ethernet cards or I can define
> > all with only the shorewall setup and two ethernet cards?
> >
> > Now I have my bridge with two ethernet cards.
>
> Then I don't understand your configuration.
>
> -Tom

Roberto Pereyra wrote:
> My router before the bridge manage two networks.
>
> 200.63..../24
>
> and
>
> 200.117..../24
>
> The question is if I can use only 2 nics (like now) with shorewall.
>
> Can I use:
>
> /etc/shorewall/hosts
>
> #ZONE   HOST(S)                     OPTIONS
> net     br0:eth0
> loc1    br0:eth1:200.117..../24
> loc2    br0:eth1:200.63..../24
>
>
> This setup works ?

It should, but I haven't tried it. Note that you will not be able to
filter traffic between loc1 and loc2 however (because the bridge won't
handle that traffic as such).

-Tom

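Added example, not part of the original thread and not Shorewall's own code: a small Python check that reads hosts entries in the layout quoted above and lists zone pairs defined on the same bridge port, the case the reply says the bridge cannot filter between. The function names `parse_hosts` and `classify_zone_pairs` and the sample networks are assumptions made for the illustration.

```python
from itertools import combinations

# Constructed sample in the layout of the /etc/shorewall/hosts entries quoted
# in the thread. 192.0.2.0/24 and 198.51.100.0/24 are documentation-range
# stand-ins, not the poster's addresses.
SAMPLE_HOSTS = """\
#ZONE   HOST(S)                     OPTIONS
net     br0:eth0
loc1    br0:eth1:192.0.2.0/24
loc2    br0:eth1:198.51.100.0/24
"""


def parse_hosts(text):
    """Return (zone, bridge, port, network-or-None) for each entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"malformed hosts entry: {raw!r}")
        zone, host = fields[0], fields[1]
        parts = host.split(":", 2)
        if len(parts) < 2:
            raise ValueError(f"expected bridge:port[:network] in {raw!r}")
        network = parts[2] if len(parts) == 3 else None
        entries.append((zone, parts[0], parts[1], network))
    return entries


def classify_zone_pairs(entries):
    """Split zone pairs into (filterable, unfilterable) by shared bridge port."""
    ports = {}
    for zone, bridge, port, _network in entries:
        ports.setdefault(zone, set()).add((bridge, port))
    filterable, unfilterable = [], []
    for a, b in combinations(sorted(ports), 2):
        # Zones that share a port are the loc1/loc2 case from the reply:
        # rules between them are not enforceable on the bridge.
        if ports[a] & ports[b]:
            unfilterable.append((a, b))
        else:
            filterable.append((a, b))
    return filterable, unfilterable
```
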
Thanks Tom.

roberto

2006/4/28, Tom Eastep <teastep@shorewall.net>:
> Roberto Pereyra wrote:
> > My router before the bridge manage two networks.
> >
> > 200.63..../24
> >
> > and
> >
> > 200.117..../24
> >
> > The question is if I can use only 2 nics (like now) with shorewall.
> >
> > Can I use:
> >
> > /etc/shorewall/hosts
> >
> > #ZONE   HOST(S)                     OPTIONS
> > net     br0:eth0
> > loc1    br0:eth1:200.117..../24
> > loc2    br0:eth1:200.63..../24
> >
> >
> > This setup works ?
>
> It should, but I haven't tried it. Note that you will not be able to
> filter traffic between loc1 and loc2 however (because the bridge won't
> handle that traffic as such).
>
> -Tom