[Shorewall-users] Complicated config?
Mon, 28 Jan 2002 07:42:22 -0800
On Monday 28 January 2002 07:15 am, Lumpp, Wolfgang wrote:
> at the moment, I'm trying to set up the following config:
> several subnets from 10.0.0.0/8 and 192.168.0.0/16 which are offices.
> Most of them are connected through the internal interface eth0.
> But some are connected by VPN, made by a cisco, which is also our gateway
> to the ISP.
> (eth1 of firewall)
> Now I thought about of zones in the form:
> and so on.
> Some of these zones connected to the internal (eth0), some to the VPN
> I want to split the zones, because I want to have the traffic from/to t=
> What's the best way? I've read something about to set the interfaces to
> And this could drive me into the wrong road ;-)
> Any help is highly appreciated
For those interfaces that are associated with multiple zones, don't specify a
zone in /etc/shorewall/interfaces:
You can then define the zones in the /etc/shorewall/hosts file:
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
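
The layout described in the reply above, sketched as an added example that is not part of the original message. The zone names (off1, off2, vpn1, net) and every subnet are hypothetical placeholders, and the "detect" broadcast setting is an assumption about the installed Shorewall version.

```conf
# /etc/shorewall/interfaces
# A "-" in the ZONE column means the interface is not tied to a single
# zone; its zones are defined per subnet in /etc/shorewall/hosts.
#ZONE   INTERFACE   BROADCAST   OPTIONS
-       eth0        detect
-       eth1        detect

# /etc/shorewall/hosts
# One line per zone/subnet pair. All names and addresses below are
# constructed placeholders, not values from the original thread.
#ZONE   HOST(S)                 OPTIONS
off1    eth0:10.1.0.0/16
off2    eth0:192.168.10.0/24
vpn1    eth1:192.168.20.0/24
# eth1 also leads to the ISP, so everything else arriving there has to
# belong to some zone as well. Declare the narrower office zones before
# net in /etc/shorewall/zones so that they are matched first.
net     eth1:0.0.0.0/0
```

Because each office subnet is its own zone, traffic between any two of them is controlled by that pair's entry in /etc/shorewall/policy and /etc/shorewall/rules; a zone that is missing from hosts on a "-" interface has no policy path at all.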