So I'm sure I'm configuring things correctly, could someone confirm that I would have no loc zone if my only interface is eth0 connected to a separate router?

- Grant

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
Grant wrote:
> could someone confirm that I would have no loc zone if my only interface is eth0 connected to a separate router?

You mean, you have a standalone device, which connects to your local network with one interface (and the router is <somewhere else>)?

You can still have a LOC zone; you will want to differentiate between connections to/from devices on your local network and those that are remote. IIRC, you'll want to define LOC in terms of IP/netmask.

Alternatively, you can have just one zone and define any rules for on-net traffic to include the local network IP/netmask (or individual machine IP) if you prefer.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.
> > could someone confirm that I would have no loc zone if my only interface is eth0 connected to a separate router?
>
> You mean, you have a standalone device, which connects to your local network with one interface (and the router is <somewhere else>)?

There's a router connected to the WAN and two laptops each connected to the router. I'm running shorewall on my laptop.

> You can still have a LOC zone, you will want to differentiate between connections to/from devices on your local network and those that are remote. IIRC, you'll want to define LOC in terms of IP/netmask.

The docs for shorewall/interfaces say "Each interface may be listed only once in this file." so how can I define both loc and net since my laptop communicates to/from both via eth0?

- Grant

> Alternatively, you can have just one zone and define any rules for on-net traffic to include the local network IP/netmask (or individual machine IP) if you prefer.
On 12/8/12 1:25 PM, "Grant" <emailgrant@gmail.com> wrote:

>>> > > could someone confirm that I would have no loc zone if my only interface is eth0 connected to a separate router?
>> >
>> > You mean, you have a standalone device, which connects to your local network with one interface (and the router is <somewhere else>)?
>
> There's a router connected to the WAN and two laptops each connected to the router. I'm running shorewall on my laptop.
>
>> > You can still have a LOC zone, you will want to differentiate between connections to/from devices on your local network and those that are remote. IIRC, you'll want to define LOC in terms of IP/netmask.
>
> The docs for shorewall/interfaces say "Each interface may be listed only once in this file." so how can I define both loc and net since my laptop communicates to/from both via eth0?

man shorewall-nesting. Also see http://www.shorewall.net/Multiple_Zones.html which is linked from the Documentation Index (http://www.shorewall.net/Documentation_Index.html) with the title "Multiple Zones Through One Interface".

-Tom

You do not need a parachute to skydive. You only need a parachute to skydive twice.
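The configuration the thread is circling around, written out as an added example (it is not from any message in this thread, and not from the Shorewall documentation verbatim): a single-interface laptop on eth0, with net covering the whole interface and loc nested inside it via /etc/shorewall/hosts. The LAN prefix 192.168.1.0/24 and the SSH/ping rules are assumptions for illustration; substitute the real subnet the router hands out.

```text
# /etc/shorewall/zones
# loc is declared as a sub-zone of net ("loc:net"), so a packet arriving
# on eth0 is tested against loc's hosts entry first and falls back to net.
#ZONE      TYPE
fw         firewall
net        ipv4
loc:net    ipv4

# /etc/shorewall/interfaces
# eth0 is listed exactly once, as the net zone. The options are the usual
# anti-spoofing set for an untrusted interface.
#ZONE      INTERFACE   BROADCAST   OPTIONS
net        eth0        detect      dhcp,tcpflags,nosmurfs,routefilter,logmartians

# /etc/shorewall/hosts
# The loc zone is the part of eth0 whose source address is on the LAN.
# 192.168.1.0/24 is an assumed prefix for this example.
#ZONE      HOST(S)                 OPTIONS
loc        eth0:192.168.1.0/24

# /etc/shorewall/policy
# Deny-by-default from both zones toward the laptop; loc gets its own
# policy line so LAN traffic is logged separately from Internet traffic.
#SOURCE    DEST    POLICY    LOG_LEVEL
$FW        all     ACCEPT
loc        $FW     DROP      info
net        $FW     DROP      info
all        all     REJECT    info

# /etc/shorewall/rules
# Only the LAN (loc) may reach SSH and ping on the laptop; nothing from
# net is opened. Both services are assumed for the example.
#ACTION        SOURCE    DEST
SECTION NEW
SSH(ACCEPT)    loc       $FW
Ping(ACCEPT)   loc       $FW
```

Run "shorewall check" before "shorewall restart" so a column or zone-name mistake is caught without dropping the live rule set. One caveat worth keeping in mind on a laptop: loc here is defined purely by source address on a shared interface, so any host on the same segment that uses a 192.168.1.x address lands in loc, including every other client on a coffee-shop network that happens to use that same private range. Anything you open to loc is only as trusted as the LAN the cable (or wireless) is plugged into; keep loc rules to what you actually need, and consider narrowing HOST(S) to the other laptop's single address if that is the only peer you care about.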