[Shorewall-users] Two-interface setup confirmation
teastep at shorewall.net
Mon Dec 15 15:49:17 PST 2003
On Tuesday 16 December 2003 02:23 am, Paul Trevethan wrote:
> On Mon, 15 Dec 2003 14:16:49 -0800
> Tom Eastep <teastep at shorewall.net> wrote:
> > On Tuesday 16 December 2003 12:40 am, Paul Trevethan wrote:
> > > Am I correct in naming the parts as below for Shorewall purposes:
> > >
> > > net = modem/internet
> > > fw = Linux box
> > > local = Windows machine & laptop.
> > > and I should start my config with two-interface template?
> > >
> > > Guidance appreciated,
> > I would start with the two-interface sample. You can disable local
> > network access to the internet, if that's what you want, by removing the
> > "loc net ACCEPT" policy and by removing the entry from the 'masq' file.
> > You will probably also want to add the following policies:
> > fw loc ACCEPT
> > loc fw ACCEPT
> > -Tom
> Thank you Tom. The only part I was not sure of was whether the Linux box
> was fw AND part of loc or fw only.
The way that Netfilter is organized, the firewall must be placed in a zone by
itself. By adding the two policies that I included in my previous post, you
are allowing all traffic between the firewall and your local systems.
Note that adding these policies also allows you to delete all fw->loc and
loc->fw rules from the two-interface sample rules file.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
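An added example (not from the original thread or from the Shorewall project's own sample files) showing how the advice above maps onto the two-interface sample: the interface names eth0/eth1 are assumptions, and the comments mark which lines to remove if the local network should not reach the internet. The Shorewall policy file is matched top to bottom, so the two new fw/loc policies must sit above the catch-all lines.

```conf
# /etc/shorewall/zones  (ZONE  DISPLAY  COMMENTS)
# The firewall itself is the "fw" zone; it is not listed here.
net     Net      Internet (modem)
loc     Local    Local network (Windows machine and laptop)

# /etc/shorewall/interfaces  (ZONE  INTERFACE  BROADCAST  OPTIONS)
# eth0/eth1 are assumed names; use the real interfaces on the Linux box.
net     eth0     detect     routefilter,norfc1918
loc     eth1     detect

# /etc/shorewall/policy  (SOURCE  DEST  POLICY  LOG_LEVEL)
# First match wins: the specific entries go before "net all" and "all all".
fw      loc      ACCEPT                # added: firewall -> local systems
loc     fw       ACCEPT                # added: local systems -> firewall
loc     net      ACCEPT                # remove this line to block local internet access
net     all      DROP      info
all     all      REJECT    info

# /etc/shorewall/masq  (INTERFACE  SUBNET)
eth0    eth1                           # remove together with "loc net ACCEPT"
```

With the two ACCEPT policies in place, any fw->loc and loc->fw entries in the sample rules file become redundant and can be deleted, as the reply notes; the remaining "net all DROP" and "all all REJECT" lines still protect both the firewall and the local zone from the internet side.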