Via creative use of the instructions at
http://shorewall.net/Multiple_Zones.html#id2497549.
But can a zone (in shorewall/interfaces) reference multiple interfaces?
I have two openvpn instances running on my server, one bridged (for
upstream access to some client vpn''s so I don''t have to
request the
clients add new subnets to their routing tables) and one routed (for
nailed connections to some remote voip users who have hard phones).
So I''d like to have one zone that can handle both connections with the
same restrictions, like below:
/etc/shorewall/zones - System A:
#ZONE TYPE OPTIONS IN OUT
# OPTIONS
OPTIONS
road ipv4
On system A, the remote clients will comprise the road zone.
In /etc/shorewall/interfaces on system A:
#ZONE INTERFACE BROADCAST OPTIONS
road tun+,tap+
In /etc/shorewall/tunnels on system A, we need the following:
#TYPE ZONE GATEWAY GATEWAY ZONE
openvpnserver:1194 net 0.0.0.0/0
openvpnserver:1195 net 0.0.0.0/0
We want the remote systems to have access to the local LAN - we do that
with an entry in /etc/shorewall/policy (assume that the local LAN
comprises the zone "loc").
#SOURCE DESTINATION POLICY
road loc ACCEPT
Is this "legal"?
Keith Mitchell
CTO
Productivity Associates, Inc.
5625 Ruffin Rd STE 220
San Diego, CA 92123
(858) 495-3528 (Voice)
(858) 495-3540 (Fax)
keithm@gotopai.com
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
My bad disregard. Don''t need to interfaces line for the bridged
connection, so I believe just
In /etc/shorewall/interfaces on system A:
#ZONE INTERFACE BROADCAST OPTIONS
road tun+
will work there.
-----Original Message-----
From: shorewall-users-bounces@lists.sourceforge.net
[mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of
Keith Mitchell
Sent: Wednesday, January 03, 2007 3:51 PM
To: Shorewall Users
Subject: [Shorewall-users] An interface can reference multiple zones...
Via creative use of the instructions at
http://shorewall.net/Multiple_Zones.html#id2497549.
But can a zone (in shorewall/interfaces) reference multiple interfaces?
I have two openvpn instances running on my server, one bridged (for
upstream access to some client vpn''s so I don''t have to
request the
clients add new subnets to their routing tables) and one routed (for
nailed connections to some remote voip users who have hard phones).
So I''d like to have one zone that can handle both connections with the
same restrictions, like below:
/etc/shorewall/zones - System A:
#ZONE TYPE OPTIONS IN OUT
# OPTIONS
OPTIONS
road ipv4
On system A, the remote clients will comprise the road zone.
In /etc/shorewall/interfaces on system A:
#ZONE INTERFACE BROADCAST OPTIONS
road tun+,tap+
In /etc/shorewall/tunnels on system A, we need the following:
#TYPE ZONE GATEWAY GATEWAY ZONE
openvpnserver:1194 net 0.0.0.0/0
openvpnserver:1195 net 0.0.0.0/0
We want the remote systems to have access to the local LAN - we do that
with an entry in /etc/shorewall/policy (assume that the local LAN
comprises the zone "loc").
#SOURCE DESTINATION POLICY
road loc ACCEPT
Is this "legal"?
Keith Mitchell
CTO
Productivity Associates, Inc.
5625 Ruffin Rd STE 220
San Diego, CA 92123
(858) 495-3528 (Voice)
(858) 495-3540 (Fax)
keithm@gotopai.com
------------------------------------------------------------------------
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share
your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDE
V
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Keith Mitchell wrote:> My bad disregard. Don''t need to interfaces line for the bridged > connection, so I believe just > > In /etc/shorewall/interfaces on system A: > > #ZONE INTERFACE BROADCAST OPTIONS > road tun+ > > will work there.But to answer your original question. From /etc/shorewall/interfaces: # If there are multiple interfaces to the same zone, # you must list them in separate entries: # # Example: # # loc eth1 - # loc eth2 - # -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV