[Shorewall-newbies] maclist setup

David Shepherd sdave at ufl.edu
Mon Mar 8 19:11:17 PST 2004


Thanks I will look at that, I did find a solution...I just added this to
the start file so that it runs to allow access to the 10.1.1.1 address
which is eth0:

iptables -I eth1_mac -d 10.1.1.1 -j ACCEPT

and eth0 doesn't have net access so they cannot get internet access...I
will look at that other how to though...Is there anything wrong with
what I did for a solution?

-----Original Message-----
From: shorewall-newbies-bounces at lists.shorewall.net
[mailto:shorewall-newbies-bounces at lists.shorewall.net] On Behalf Of Tom
Eastep
Sent: Monday, March 08, 2004 10:04 PM
To: List for New Shorewall Users
Subject: Re: [Shorewall-newbies] maclist setup

On Mon, 8 Mar 2004, David Shepherd wrote:

> The web server isn't the issue, the setup to only restrict macs on
eth1
> and not eth0 is my problem..they are both connected to the same
internal
> network..not in the same subnet though..

Every multi-interface HOWTO on the Shorewall site advises you about
connecting more than one network interface to the same HUB or Switch and
mentions that the workaround for the inevitable problems may be to set
the
'arp_filter' option on those interfaces in /etc/shorewall/interfaces.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
_______________________________________________
Shorewall-newbies mailing list
Post: Shorewall-newbies at lists.shorewall.net
Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-newbies
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm




More information about the Shorewall-newbies mailing list