[Shorewall-newbies] Recommendations on shorewall setup on multiple single-int boxes

kd at source.intac.net
Wed Dec 24 03:04:34 PST 2003


Brain fart. Many of the clients are off of the local net so the below
won't work for them. Anyway, if you have any recommendations, lemme
know. Thanks.

On Wed, 24 Dec 2003 kd at source.intac.net wrote:

> I've been spending the past few days going over the site and
> documentation. I'm still not set on what I want to do since the long term
> goals are not yet identified on my end. So I am here asking for some
> pointers.
> 
> My setup:
> 
> 3 servers with one interface(eth0) and each interface has a real routable
> IP address. 
> 
> Due to some users not having static IPs and others not always having an
> ipsec client available (some handhelds, and some other oddball type of
> sw/hw that no ipsec client is available for), I am wondering if the best
> route is to set up rules based on the mac addies of the devices
> needed to connect to these servers.
> 
> So, do I do shorewall install on each server, with rules allowing the 40
> or so devices needed to connect via mac addresses in rules, or is there
> something better? My goal is only to allow these ~40 devices to connect to
> these 3 servers over the Internet and drop and/or reject any other
> traffic. To me this seems best choice since I know exactly what will ever
> have a need to connect to these boxes and it by-passes any type of client
> side issues. Thoughts?
> 
> Also, due to the location of the 3 servers, and that down the road we will
> most likely have a need to open them up to the world at times, we can't run
> one box as a dedicated fw with the other 2 behind it. Basically, how the
> current setup is we need to stick with.
> 
> Anyway, any comments or suggestions welcomed. Thanks.