Menu
▾
▴
Re: [Shorewall-users] Compicated config?
|
From: Tom E. <te...@sh...> - 2002-01-28 15:42:22
|
Hello Wolfgang, On Monday 28 January 2002 07:15 am, Lumpp, Wolfgang wrote: > Hello, > > at the moment, I'm trying to set up the following config: > > several subnets from 10.0.0.0/8 and 192.168.0.0/16 which are offices. > Most of them are connected through the internal interface eth0. > But some are connected by VPN, made by a cisco, which is also our gatew= ay > to the ISP. > (eth1 of firewall) > Now I thought about of zones in the form: > offa=09officeA > offb=09officeB > and so on. > Some of these zones connected to the internal (eth0), some to the VPN > (eth1). > I want to split the zones, because I want to have the traffic from/to t= he > offices. > > Whats the best way? I've read something about to set the interfaces to > multi. > And this could drive me into the wrong road ;-) > > Any help is highly appreciated > For those interfaces that are associated with multiple zones, don't speci= fy a=20 zone in /etc/shorewall/interfaces: -=09eth0=09 You can then define the zones in the /etc/shorewall/hosts file: offa=09eth0:10.1.2.0/24 offb=09eth0:192.168.1.0/24 =2E.. -Tom --=20 Tom Eastep \ A Firewall for Linux 2.4.* AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ te...@sh... |