[Shorewall-users] Policy Rules not working as expected

Tom Eastep teastep@shorewall.net
Thu, 25 Apr 2002 07:19:59 -0700 (PDT)


On Thu, 25 Apr 2002, Tom Eastep wrote:

> 
> Sorry Patrick -- I didn't pay attention to which post you were replying 
> to. Yes, I agree totally that there is no reason to switch the meaning of 
> 'net' and 'loc' and I replied to that effect to the original poster.  

Ok -- hope that I haven't made everyone else as confused as I am :-)

We had two posts this morning with similar traits:

a) David Grant -- he reported that his local net was actually the internet 
because of something that I didn't understand.

b) Bernd (Nowak?) -- he stated in his opening paragraph that eth0 was his
network interface and eth1 was his local yet his configuration looked to
be the other way around. I thought that his opening paragraph was a typo
given that the subnets on eth1 (with the exception of 'token') use RFC1918
addresses and that's why I reacted to Patrick's post. To me, it still
looks like a typo;  maybe Bernd can clear that up for us.

It was David's post that I responded to given that I didn't understand
that part about his local net being on the internet. I think I've now
muddled that one out. David has a single NIC in each of two systems, both
of which get IPs dynamically from his ISP. So he is using one LAN segment
for both internet and local traffic. Not the world's best idea given that
the rules that he posted will give all of his neighbors free SMB access to
his SAMBA box.

I have a similar configuration here currently but I use a PPTP VPN from my
laptop to my firewall. The reason that the laptop moved out from behind my
firewall is that any time that I need tech support from my employer,
that's the first thing that the help desk wants me to do :-/ I just
decided to leave it outside the firewall permanently. Makes a good PoPToP 
test bed :-)

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net