[Shorewall-users] Two-interface setup confirmation

Tom Eastep teastep at shorewall.net
Mon Dec 15 15:49:17 PST 2003


On Tuesday 16 December 2003 02:23 am, Paul Trevethan wrote:
> On Mon, 15 Dec 2003 14:16:49 -0800
>
> Tom Eastep <teastep at shorewall.net> wrote:
> > On Tuesday 16 December 2003 12:40 am, Paul Trevethan wrote:
> > > Am I correct in naming the parts as below for Shorewall purposes:
> > >
> > > net = modem/internet
> > > fw = Linux box
> > > local = Windows machine & laptop.
> > > and I should start my config with two-interface template?
> > >
> > > Guidance appreciated,
> >
> > I would start with the two-interface sample. You can disable local
> > network access to the internet, if that's what you want, by removing the
> > "loc net ACCEPT" policy and by removing the entry from the 'masq' file.
> > You will probably also want to add the following policies:
> >
> > fw	loc	ACCEPT
> > loc	fw	ACCEPT
> >
> > -Tom
>
> Thank you Tom. The only part I was not sure of was whether the Linux box
> was fw AND part of loc or fw only.
>

The way that Netfilter is organized, the firewall must be placed in a zone by 
itself. By adding the two policies that I included in my previous post, you 
are allowing all traffic between the firewall and your local systems.

Note that adding these policies also allows you to delete all fw->loc and 
loc->fw rules from the two-interface sample rules file.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
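To make the advice above concrete, here is what the two-interface sample's policy file looks like after applying it: the `loc net ACCEPT` line is gone (so local-to-internet traffic falls through to the catch-all REJECT), and the two `fw`/`loc` ACCEPT policies are added. This is an added illustration, not a file from the thread or from the Shorewall project; the column layout follows the Shorewall 1.4-era policy file, and the `info` log levels are those of the sample. The firewall zone name `fw` is the one used in the thread.

```text
#
# /etc/shorewall/policy  (two-interface sample, edited per the reply above)
#
#SOURCE  DEST   POLICY   LOG LEVEL
# Added: firewall and local zone may talk freely in both directions.
# With these two policies the fw->loc and loc->fw rules in the sample
# rules file become unnecessary and can be deleted.
fw       loc    ACCEPT
loc      fw     ACCEPT
# Removed: "loc net ACCEPT" - local machines are no longer allowed out.
# Unsolicited traffic from the internet is dropped and logged.
net      all    DROP     info
# Everything not matched above (including loc->net now) is rejected and logged.
all      all    REJECT   info
```

The companion change is to leave `/etc/shorewall/masq` with no entry for the local network: with no masquerading entry and no `loc net ACCEPT` policy, nothing from the local zone is forwarded to the internet, and the `all all REJECT info` line records any attempt in the log, which is a useful check that the policy is really in effect after `shorewall restart`.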