[Shorewall-users] Handling alias interfaces/subnets

Dan DeVoe ddevoe at netset.com
Mon Sep 8 14:19:02 PDT 2003


I have attempted to follow the documentation regarding the configuration
of a multiple subnet machine without any success. Here is my situation:

We have a machine, 'mars', which serves as a virtual webserver. The
system's main IP is on the subnet, while the virtual IPs for
the web server instances will all exist on

Ideally, I would be able to independently adjust the rules for the main IP
and the virtual-server IPs (the main machine runs services that the
individual web instances will not).

To my understanding, the configuration below should function properly for
this purpose, but it does not. In fact, I cannot seem to send or receive
traffic anywhere when the firewall is enabled.

Can anyone shed some light on what I've done wrong here?

#ZONE           HOST(S)                         OPTIONS
loc             eth0:
loc             eth0:

-        eth0 , norfc1918,routefilter,dropunclean,blacklist

ACCEPT   fw             net             tcp     -
ACCEPT   fw             net             udp     -
ACCEPT   net            fw              tcp     ssh
ACCEPT   net            fw              tcp     domain
ACCEPT   net            fw              udp     domain
ACCEPT   net            fw              tcp     http
ACCEPT   net            fw              tcp     https
ACCEPT   loc            net             tcp     domain
ACCEPT   loc            net             udp     domain
ACCEPT   net            loc             tcp     ssh
ACCEPT   net            loc             tcp     ftp
ACCEPT   net            loc             tcp     ftp-data
ACCEPT   net            loc             tcp     http
ACCEPT   net            loc             tcp     https

 .''`.     Daniel DeVoe <ddevoe at netset.com>
: :'  :    http://www.netset.com/~ddevoe
`. `'`
  `-  Debian - when you have better things to do than fix a system

More information about the Shorewall-users mailing list