Shorewall

Hello,

I can't figure it out how to accomplish the following, I have a LAN
existing out a XP box, Debian Linux PC and a server. They all are
connected through a ethernet switch and that one is connected to a
Speedtouch ADSL/Router.

On the Debian PC is Shorewall running, I have only eth0 connected, what
I can't figure out is how I can define the traffic to the Internet and
the LAN, if that traffic should go through different interfaces it is
easy but through the same interface I can't find. I did try add a zone
Loc also on eth0 but that Shorewal doesn't accept.

Below the config files as they are now;

/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect blacklist,routefilter,tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

/etc/shorewall/zones
#ZONE DISPLAY COMMENTS
net Net Internet
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

/etc/shorewall/policy
#SOURCE DEST POLICY LOG LEVEL
LIMIT:BURST
fw net ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

TIA

Kees
--
Your boss climbed the corporate ladder, wrong by wrong.
Linux Registered User #300181 | ICQ #179658498
See me at http://dragonhill.xs4all.nl -- # EOE

On Tue, 28 Jun 2005 11:58:17 +0200, Kees de Koster
<(E-Mail Removed)> wrote:
> Hello,
>
> I can't figure it out how to accomplish the following, I have a LAN
> existing out a XP box, Debian Linux PC and a server. They all are
> connected through a ethernet switch and that one is connected to a
> Speedtouch ADSL/Router.
>
> On the Debian PC is Shorewall running, I have only eth0 connected, what
> I can't figure out is how I can define the traffic to the Internet and
> the LAN, if that traffic should go through different interfaces it is
> easy but through the same interface I can't find. I did try add a zone
> Loc also on eth0 but that Shorewal doesn't accept.
>
You can try using aliases, eth0:0 and eth0:1.



--
Tonight you will pay the wages of sin; Don't forget to leave a tip.

Take a look at the documentation for /etc/shorewall/hosts. What you
probably want is something like:

/etc/shorewall/zones:

loc Loc Local
net Net Internet

Note that the ordering of the zones there is important. The loc zone
must be defined first.

/etc/shorewall/hosts:

loc eth0:192.168.0.0/24
net eth0:0.0.0.0/0

Note that you can also use this file to set different options for the
zones.

/etc/shorewall/intefaces:

- eth0 detect blacklist,routefilter,tcpflags

Note the hyphen instead of the zone name there.

Check out http://www.shorewall.net/Multiple_Zones.html for more
details.

G

In article <(E-Mail Removed). com>,
gg-(E-Mail Removed) wrote:
> Take a look at the documentation for /etc/shorewall/hosts. What you
> probably want is something like:
>
> /etc/shorewall/zones:
>
> loc Loc Local
> net Net Internet
>
> Note that the ordering of the zones there is important. The loc zone
> must be defined first.
>
> /etc/shorewall/hosts:
>
> loc eth0:192.168.0.0/24
> net eth0:0.0.0.0/0
>
> Note that you can also use this file to set different options for the
> zones.
>
> /etc/shorewall/intefaces:
>
> - eth0 detect blacklist,routefilter,tcpflags
>
> Note the hyphen instead of the zone name there.
>
> Check out http://www.shorewall.net/Multiple_Zones.html for more
> details.
>
> G
>

Thanks a lot, that's exactly what I was looking for :-)

Kees
--
Fill what's empty, empty what's full, scratch where it itches.
-- Alice Roosevelt Longworth
Linux Registered User #300181 | ICQ #179658498
See me at http://dragonhill.xs4all.nl -- # EOE