On Tue, 15 Apr 2003, Micha Silver wrote:
> On Tuesday 15 April 2003 21:00, Tom Eastep wrote:
> > On Tue, 15 Apr 2003, Tom Eastep wrote:
> > > No -- I'm suggesting that you allow your firewall to route between the
> > > subnets on eth3 as described under "MULTIPLE SUBNETS" on the page that I
> > > referred you to.
> Here are the relevant lines, first from my interfaces file:
> - eth3 192.168.5.255 tcpflags,routefilter
You probably want to add 126.96.36.199 as a broadcast address.
> and from my hosts file:
> yext eth3:188.8.131.52/28
> # dialup
> mdm eth3:192.168.5.64/26
> and from rules:
> ACCEPT all yext tcp ssh,http,https,ftp,ftp-data,5631,5632
You NEVER need ftp-data as a destination port; and PcAnywhere only uses
port 5632 with UDP.
> ACCEPT dmz yext tcp 137,138,139
> ACCEPT loc1 yext tcp 137,138,139
> ACCEPT yext all tcp -
> # pcAnywhere to and from Yair servers internal computers
> ACCEPT yext all udp ssh,5632
> ACCEPT all yext udp ssh,5632
ssh doesn't use UDP.
> Does this look about right?
Depends on what you want to do between the mdm and yext zones.
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@...
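
The three protocol/port points raised in the reply above can be checked mechanically. This is an added example, not part of the original message or of Shorewall; the name lint_rules, the lookup tables and the five-column layout (ACTION SOURCE DEST PROTO DEST-PORT) are assumptions made for illustration.

```python
# Added example: lint rules-file lines against the points made in the reply.
# Assumed column layout: ACTION SOURCE DEST PROTO DEST-PORT(S).

# Constructed sample input: the rules lines quoted in the message above.
SAMPLE_RULES = """\
ACCEPT all yext tcp ssh,http,https,ftp,ftp-data,5631,5632
ACCEPT dmz yext tcp 137,138,139
ACCEPT loc1 yext tcp 137,138,139
ACCEPT yext all tcp -
# pcAnywhere to and from Yair servers internal computers
ACCEPT yext all udp ssh,5632
ACCEPT all yext udp ssh,5632
"""

# Numeric ports normalised to the service names used in the message.
ALIASES = {"20": "ftp-data", "22": "ssh"}

# (proto, port) -> reason, taken from the reply. "*" matches any protocol.
FINDINGS = {
    ("*", "ftp-data"): "ftp-data is never needed as a destination port",
    ("tcp", "5632"): "pcAnywhere uses port 5632 with UDP only",
    ("udp", "ssh"): "ssh does not use UDP",
}


def lint_rules(text):
    """Return (line_number, port, reason) for every flagged destination port."""
    issues = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        if len(fields) < 5:
            continue  # blank line, comment, or rule without a port column
        proto, ports = fields[3].lower(), fields[4]
        if ports == "-":
            continue  # "-" means no port restriction
        for port in ports.split(","):
            name = ALIASES.get(port, port).lower()
            reason = FINDINGS.get((proto, name)) or FINDINGS.get(("*", name))
            if reason:
                issues.append((lineno, name, reason))
    return issues


if __name__ == "__main__":
    for lineno, port, reason in lint_rules(SAMPLE_RULES):
        print(f"line {lineno}: {port}: {reason}")
```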