[Shorewall-newbies] Can I add more than one ref to 1 interface?

Ow Mun Heng ow.mun.heng at wdc.com
Fri Dec 5 10:36:24 PST 2003


I have a complex question (tm).

Current Situation

Shorewall version 1.4.7
iptables 1.2.7a
RH9 + Kernel 2.4.23

The interfaces I have:
net	wlan0	detect	dhcp,routefilter	(wifi)
dsl	ppp0	-	blacklist	(blacklist ad sites like ad.doubleclick.net; got a better way?)
loc	eth0	detect

[Q]: What if I want to use a modem, like a dial-up? I don't usually have
access to DSL.

where
eth0	Local LAN
wlan0	Wifi
ppp0	DSL or dial-up modem
eth1	A new PCMCIA network card(?)

When at a wifi place, the laptop acts as a firewall & router for another laptop
without a wifi card (routed from eth0), so...

Zones file
net 	net
loc	Local
dsl	dsl
(what about my dial-up modem??)

Since when on DSL the modem is connected to eth0, I'm thinking of another
network card to connect to a hub so that the local LAN (just another PC) can be
masq'ed.

So can I add this to the masq file?

Masq file
wlan0	192.168.0.0/24	(masq connections from local LAN)
ppp0	192.168.0.0/24	(masq connections from local LAN through 2nd network card eth1)

What about if on dial-up? If on dial-up, I think eth0 would be the one
connected to the local LAN. So...

Masq file
wlan0	192.168.0.0/24	(masq connections from local LAN)
ppp0	192.168.0.0/24	(masq connections from local LAN through 2nd network card eth1)
eth0	192.168.0.0/24	(masq connections from local LAN through eth1 - on dial-up)

As I mentioned, it's pretty complex. I just have too many configs. I have a
wifi place I go to, and I can grab my pal and we can wifi together using only
1 wifi card.

Then I can go to another pal's place and get access to his DSL, using eth1
(2nd PCMCIA net card) to connect to a hub to another PC (network/internet
gaming).

Then at home, I have a dial-up modem (which I'm not gonna do... but I would
like to know the basis of "IF" I were to get it to work).


policy file
loc	net	ACCEPT
net	all	DROP
fw	net	ACCEPT
fw	dsl	ACCEPT
(what about my dial-up?)


Rules file
ACCEPT	fw	net	tcp	53
ACCEPT	fw	net	udp	53
ACCEPT	fw	dsl	tcp	53
ACCEPT	fw	dsl	udp	53

ACCEPT	loc	fw	icmp	8
ACCEPT	fw	loc	icmp	8

ACCEPT	net	fw	icmp	8
ACCEPT	fw	net	icmp	8

ACCEPT	fw	dsl	icmp	8
ACCEPT	dsl	fw	icmp	8

Pinging to the net gets no response _at_all_. It's either 'sendto: not
permitted', even when run as root, or the responses are being dropped by the fw
(shorewall logs).

Help?? Any would be great.

Cheers,                                                 .^.
Mun Heng, Ow                                            /V\
H/M Engineering                                       /(   )\
Western Digital M'sia                                  ^^-^^
DID : 03-7870 5168                          The Linux Advocate
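As an added example (not part of the post above and not the Shorewall project's own files), here is one way to lay out the four Shorewall 1.4 files for this laptop. It assumes that a zone may contain several interfaces (Shorewall allows this), that all three uplinks (wlan0, ppp0, eth0) are placed in one `net` zone so the policies and rules only need to be written once, that the local LAN is always attached through the second card eth1 with the 192.168.0.0/24 addresses from the post, and that one uplink is up at a time. Because an interface can sit in only one zone in a given configuration, a location where eth0 is the LAN instead of the DSL modem would need its own configuration directory rather than extra lines in this one. The zone names, interface names and the ICMP echo rules follow the post; everything else is an assumption.

```text
# /etc/shorewall/zones  (added example, assumed layout)
#ZONE   DISPLAY         COMMENTS
net     Net             Internet, whichever uplink is in use
loc     Local           Local LAN on eth1

# /etc/shorewall/interfaces
# All three uplinks live in the same zone; only one of them is up at a time.
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     wlan0           detect          dhcp,routefilter
net     ppp0            -               blacklist
net     eth0            -               dhcp
loc     eth1            detect

# /etc/shorewall/masq
# One line per uplink; the SUBNET column is the LAN behind eth1.
#INTERFACE              SUBNET
wlan0                   192.168.0.0/24
ppp0                    192.168.0.0/24
eth0                    192.168.0.0/24

# /etc/shorewall/policy
# The fw -> net ACCEPT covers the firewall's own DNS and pings on every uplink.
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
fw      net     ACCEPT
fw      loc     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  loc     fw      icmp    8
ACCEPT  net     fw      icmp    8
```

Run `shorewall check` after editing to have the configuration parsed before it is started. With `fw net ACCEPT` as the policy and every uplink in `net`, the firewall's own outgoing traffic is accepted on whichever uplink is active; a `sendto: Operation not permitted` from ping on the firewall itself is the error returned when the OUTPUT path hits a REJECT, which is what the `all all REJECT` fallback produces for any fw-to-zone pair that has no ACCEPT policy, so that message is a pointer to a missing policy entry for the zone the active uplink belongs to.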
