Hi,

I've a setup as follows (runs marvelous):

modem (ppp0)
1st machine = proxy/router/shorewall (eth0, eth1, eth2)
2d machine = dmz http-server/lan mail-server (eth0)
switch -> lan machines

To save energy and noise .... I'd like to get all in 1 machine with shorewall as firewall.

Could anybody put me on the right way for the setup?

best regards

mess-mate wrote:
> Hi,
>
> I've a setup as follows (runs marvelous):
>
> modem (ppp0)
> 1st machine = proxy/router/shorewall (eth0, eth1, eth2)
> 2d machine = dmz http-server/lan mail-server (eth0)
> switch -> lan machines
>
> To save energy and noise .... I'd like to get all in 1 machine with
> shorewall as firewall.
>
> Could anybody put me on the right way for the setup?
>
> best regards

Hi,

1.a) Install the web and mail software on the 1st machine and move the associated data from the 2nd machine and get rid of the 2nd machine.
... OR:
1.b) Install shorewall and a second network card in the 2nd machine and get rid of the 1st machine.

2) Replace DNAT rules with ACCEPT rules.

But seriously, this is a VERY basic question. You should read up on the documentation before continuing.

BR
/Martin Leben

Martin Leben wrote:
> mess-mate wrote:
>
>> Hi,
>>
>> I've a setup as follows (runs marvelous):
>>
>> modem (ppp0)
>> 1st machine = proxy/router/shorewall (eth0, eth1, eth2)
>> 2d machine = dmz http-server/lan mail-server (eth0)
>> switch -> lan machines
>>
>> To save energy and noise .... I'd like to get all in 1 machine with
>> shorewall as firewall.
>>
>> Could anybody put me on the right way for the setup?
>>
>> best regards
>
> Hi,
>
> 1.a) Install the web and mail software on the 1st machine and move the
> associated data from the 2nd machine and get rid of the 2nd machine.
> ... OR:
> 1.b) Install shorewall and a second network card in the 2nd machine and get rid
> of the 1st machine.
>
> 2) Replace DNAT rules with ACCEPT rules.
>
> But seriously, this is a VERY basic question. You should read up on the
> documentation before continuing.
>
> BR
> /Martin Leben

Thanks for the reply Martin,

in fact my only problem is "what to do with the DMZ zone with option 1b".

Sorry if it is a very basic question, but I'm not a currently shorewall nor firewall installer :(

The purpose is to protect a home installation for 5 machines with an own web/mail server. My actual installation is/was done with the 3 interfaces doc and the DMZ on the 2d machine with the web in a vserver part.

BR

mess-mate wrote:
> Martin Leben wrote:
>
>> 1.a) Install the web and mail software on the 1st machine and move the
>> associated data from the 2nd machine and get rid of the 2nd machine.
>> ... OR:
>> 1.b) Install shorewall and a second network card in the 2nd machine and get rid
>> of the 1st machine.
>>
>> 2) Replace DNAT rules with ACCEPT rules.
>
> in fact my only problem is "what to do with the DMZ zone with option 1b".

Regardless if you choose 1.a or 1.b above, you end up with one machine with shorewall, mail and web and two network cards. In other words a two-interface machine: One "net" and one "loc". So you can just delete the "dmz" zone from /etc/shorewall/zones and remove the corresponding interface from /etc/shorewall/interfaces.

(I am hoping that I haven't misunderstood you. Speak up if I have!)

> Sorry if it is a very basic question, but I'm not a currently shorewall
> nor firewall installer :(

Don't worry. If you think you have done your "homework", you are free to ask.

Good luck!
/Martin Leben
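
The two steps from the replies above (drop the dmz zone and its interface, replace DNAT with ACCEPT) written out as Shorewall configuration. This is an added example, not part of the original thread; the interface assignments, the DMZ address 192.168.2.2 and the service ports are assumptions, since the thread does not give them.

```conf
# Constructed example: interface names, addresses and ports are assumptions.

# --- /etc/shorewall/zones ---------------------------------------------
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
# dmz   ipv4                      <- line deleted

# --- /etc/shorewall/interfaces ----------------------------------------
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     ppp0        -
loc     eth0        detect
# dmz   eth2        detect        <- line deleted

# --- /etc/shorewall/policy --------------------------------------------
# Every policy line that names dmz as SOURCE or DEST has to be deleted
# as well, because the zone no longer exists in the zones file.
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# --- /etc/shorewall/rules ---------------------------------------------
#ACTION  SOURCE  DEST               PROTO  DEST PORT(S)
#
# Before (three-interface setup, web server on a separate DMZ host):
# DNAT   net     dmz:192.168.2.2    tcp    80
#
# After (web and mail run on the firewall host, addressed as $FW):
ACCEPT   net     $FW                tcp    80
# Mail is reached from the LAN only; 25 and 143 are assumed ports.
ACCEPT   loc     $FW                tcp    25,143
```

`shorewall check` validates the edited files before a restart. With web and mail on the firewall host, the separation the dmz zone provided is gone, so the ACCEPT rules to `$FW` are the only filter in front of those services and should list no more ports than the services need.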