On Mar 26, 2009, at 6:31 PM, Darrick Hartman wrote: > Lonnie, > > I think you need to be clear on this. We're trying to encourage users > NOT to directly edit the firewall.conf file, but rather take the > variable (in this case INT_IF_TRUST) and add it to their user.conf > file > in /mnt/kd/rc.conf.d/ (or /mnt/kd/rc.conf if using just the single > file).
Yes, adding to user.conf (Advanced User System Variables) is what I meant. > > Also is, there a web interface check box for this option? Not for this case. The Firewall tab has a setting that uses the INT_IF_TRUST variable related to OpenVPN... __ Allow OpenVPN tunnel to the [ 1st LAN Interface ] It is best if the network is designed so different LAN's don't have the need to talk with each other. Another option is to define a LAN and a DMZ subnet and add DMZ to LAN rules. Which can all be done via the web interface. The last option is as suggested... INT_IF_TRUST="eth1 eth2" Lonnie > Directly editing the firewall.conf file will require additional work > in > the future when migrating to versions of Astlinux starting at 0.7.0 > which uses a new version of Arno's firewall (with incompatible config > files--an issue that we're trying to address now). > > Darrick > > Lonnie Abelbeck wrote: >> Chris, >> >> Arno's Firewall by default denys traffic between LAN interfaces/ >> subnets. >> >> If you add to your config... >> >> INT_IF_TRUST="eth1 eth2" >> >> should do the trick. >> >> Lonnie >> >> >> >> On Mar 26, 2009, at 5:17 PM, Chris Abnett wrote: >> >>> I have 3 Interfaces set up on my Astlinux box as it is also used as >>> my Home router… >>> >>> Eth0 – Internet >>> Eth1 – LAN 1 (172.16.1.0/24) >>> Eth2 – LAN 2 (192.168.100.0/24) >>> >>> I want a device on the network behind eth1 to be able to reach a >>> device that is behind eth2.. say 172.16.1.99 being able to talk to >>> 192.168.100.2 (example) >>> >>> I am using arno’s firewall.. the astlinux box can talk to both >>> devices.. I just cant get the 2 nets to talk to each other.. >>> Any ideas? >>> -Christopher >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> Astlinux-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal >>> to [email protected] >>> . >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Astlinux-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> [email protected] >> . > > > ------------------------------------------------------------------------------ > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected] > . > > ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
