Hi,

I have a Shorewall v4.0.7 installation on an older version of Fedora.
What is the proper way to add another network to the DMZ interface?

Is it through virtual networks? If so, how is that done, given I've
already designed the system around a single network on the DMZ?

I have two physical interfaces on the firewall, with eth0 for external
(192.168.1.0) and eth1 for the DMZ (192.168.2.0 and 192.168.3.0).

For the time being, I have added a route to both networks on each host
in the DMZ so the hosts can be reached easily while I figure this out.

Is there any further information I can provide about the setup to help with this?

Thanks,
Alex

On Mon, 2011-10-10 at 12:00 -0400, Alex wrote:
> Hi,
>
> I have a Shorewall v4.0.7 installation on an older version of Fedora.
> What is the proper way to add another network to the DMZ interface?
>
> Is it through virtual networks? If so, how is that done, given I've
> already designed the system around a single network on the DMZ?
>
> I have two physical interfaces on the firewall, with eth0 for external
> (192.168.1.0) and eth1 for the DMZ (192.168.2.0 and 192.168.3.0).
>
> For the time being, I have added a route to both networks on each host
> in the DMZ so the hosts can be reached easily while I figure this out.
>
> Is there any further information I can provide about the setup to help with this?

First of all, Shorewall 4.0 is well past the end of its support life.
But you might look at http://www.shorewall.net/4.2/Multiple_Zones.html
to see if that addresses your problem.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Hi,

>> I have a Shorewall v4.0.7 installation on an older version of Fedora.
>> What is the proper way to add another network to the DMZ interface?
>>
>> Is it through virtual networks? If so, how is that done, given I've
>> already designed the system around a single network on the DMZ?
>>
>> I have two physical interfaces on the firewall, with eth0 for external
>> (192.168.1.0) and eth1 for the DMZ (192.168.2.0 and 192.168.3.0).
>>
>> For the time being, I have added a route to both networks on each host
>> in the DMZ so the hosts can be reached easily while I figure this out.
>>
>> Is there any further information I can provide about the setup to help with this?
>
> First of all, Shorewall 4.0 is well past the end of its support life.
> But you might look at http://www.shorewall.net/4.2/Multiple_Zones.html
> to see if that addresses your problem.

Yeah, I was afraid it was quite old. I have to work on upgrading but I'm
concerned about introducing incompatibilities with my ruleset and a newer
version and the server being 50 miles away.

Thanks so much for your help.

Best,
Alex