From: Jerry V. <jv...@sh...> - 2004-01-07 14:29:48
Just had a thought... You're testing from the net, correct? And not the
local LAN?

Jerry Vonau

----- Original Message -----
From: "kfliong" <kf...@wo...>
To: <sho...@li...>
Sent: Wednesday, January 07, 2004 03:50
Subject: Re: [Shorewall-users] Separating ipaddresses to zones

> Thanks for the reply. Your reply really helped me to configure the firewall.
>
> But I am now stuck with port forwarding.
>
> I can't seem to forward them correctly. Here is what I did.
>
> under rules
>
> DNAT net allaccess:192.168.10.3 tcp 33334 -
>
> I want to forward port 33334 to 192.168.10.3 of allaccess interface.
>
> allaccess is defined in hosts as eth0:192.168.10.0/28
>
> Should I put this instead?
>
> DNAT net allaccess:192.168.10.3:33334 tcp 33334 -
>
> If yes, then what about ports with a range like this?
>
> DNAT net allaccess:192.168.10.3 tcp 33334:33344 -
>
> As usual, please remember to reply to kf...@wo....
>
> Thanks in advance.
>
> >Date: Tue, 06 Jan 2004 23:54:37 -0600
> >From: Jerry Vonau <jv...@sh...>
> >Subject: Re: [Shorewall-users] Separating ipaddresses to zones
> >To: kf...@wo...
> >
> >Off the top of my head...
> >http://shorewall.net/Multiple_Zones.html
> >then see: Parallel Zones
> >
> >Create 2 local zones... say loc and loc1 in the zones file..
> >
> >Say your local interface is eth1...
> >- eth1 192.168.10.255
> >
> >Set the policy for the zones in the policy file.
> >
> >Too bad you have 1-16...
> >In the hosts file define your zones...
> >loc eth2:192.168.10.0/28
> >loc eth2:192.168.10.16
> >loc1 eth2:192.168.10.17
> >loc1 eth2:192.168.10.18
> >loc1 eth2:192.168.10.19
> >loc1 eth2:192.168.10.20
> >loc1 eth2:192.168.10.21
> >loc1 eth2:192.168.10.22
> >loc1 eth2:192.168.10.23
> >loc1 eth2:192.168.10.24
> >loc1 eth2:192.168.10.25
> >loc1 eth2:192.168.10.26
> >loc1 eth2:192.168.10.27
> >loc1 eth2:192.168.10.28
> >loc1 eth2:192.168.10.29
> >loc1 eth2:192.168.10.30
> >loc1 eth2:192.168.10.31
> >loc1 eth2:192.168.10.32/27
> >loc1 eth2:192.168.10.64/26
> >loc1 eth2:192.168.10.128/25
> >
> >Then write your rules in the rules file...
> >ACCEPT loc net tcp www
> >
> >Depending on where the proxy is, the method varies, see...
> >http://shorewall.net/Shorewall_Squid_Usage.html
> >
> >Changing the loc zone in the examples to loc1....
> >
> >Jerry Vonau
> >
> >----- Original Message -----
> >From: "kfliong" <kf...@wo...>
> >To: <sho...@li...>
> >Sent: Tuesday, January 06, 2004 21:14
> >Subject: [Shorewall-users] Separating ipaddresses to zones
> >
> > > Hi,
> > >
> > > I am new to using shorewall. I have a problem trying to configure it to my
> > > specified needs. You see, currently I have iptables configured such that my
> > > users are divided into a few "zones". We are using IPs of 192.168.10.x
> > > (255.255.255.0). So I separate the users into 3 categories. Those with IPs from
> > > 192.168.10.1 to .16 will be able to access everything. Those with .17 to
> > > .255 will have their direct connections closed and can only access the internet
> > > from the proxy server.
> > >
> > > So, can I know how to put this into shorewall? I have looked in the docs
> > > but can't seem to find anything that describes this. The closest that I can
> > > find is something to do with using something like this eth1:1 and eth1:2
> > > but I can't figure out what it's about.
> > >
> > > I would appreciate any help and suggestions.
> > >
> > > BTW, I am not listed in the mailing list. So please make sure I get your
> > > kind reply.
> > >
> > > Thanks in advance.
> > >
> > > _______________________________________________
> > > Shorewall-users mailing list
> > > Post: Sho...@li...
> > > Subscribe/Unsubscribe:
> > > https://lists.shorewall.net/mailman/listinfo/shorewall-users
> > > Support: http://www.shorewall.net/support.htm
> > > FAQ: http://www.shorewall.net/FAQ.htm
> > thanks
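
The zone split discussed in this thread (192.168.10.0-.16 in loc, .17-.255 in loc1 on eth2) can be generated and checked mechanically. This is an added example, not part of the original messages and not Shorewall's own code; the helper names are hypothetical, and the ranges and the "ZONE IFACE:ADDRESS" line format are taken from the quoted hosts entries.

```python
"""Added example: derive hosts-file entries for the two zones in the thread."""
import ipaddress

# Constructed from the thread: inclusive address ranges per zone.
ZONES = {
    "loc": ("192.168.10.0", "192.168.10.16"),
    "loc1": ("192.168.10.17", "192.168.10.255"),
}


def cidr_cover(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def hosts_entries(zone, iface, first, last):
    """Format one 'ZONE IFACE:ADDRESS' line per block, as written in the thread."""
    lines = []
    for net in cidr_cover(first, last):
        # A single host is written as a bare address, like eth2:192.168.10.16.
        addr = str(net.network_address) if net.prefixlen == 32 else str(net)
        lines.append(f"{zone} {iface}:{addr}")
    return lines


def check_partition(ranges, subnet):
    """Fail if zones overlap or leave part of the subnet in no zone."""
    seen = {}
    for zone, (first, last) in ranges.items():
        for net in cidr_cover(first, last):
            for host in net:  # /24 scale, so enumerating addresses is cheap
                if host in seen:
                    raise ValueError(f"{host} is in both {seen[host]} and {zone}")
                seen[host] = zone
    missing = [h for h in ipaddress.ip_network(subnet) if h not in seen]
    if missing:
        raise ValueError(f"unassigned: {missing[0]} .. {missing[-1]}")
    return seen


if __name__ == "__main__":
    check_partition(ZONES, "192.168.10.0/24")
    for zone, (first, last) in ZONES.items():
        print("\n".join(hosts_entries(zone, "eth2", first, last)))
```

An address that falls in no zone, or in two, is where the intended policy silently stops applying, so the partition check is worth running whenever the ranges change.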