Arghhh. Not sure we're on the same page.
The variables in the firewall.conf space are *not* generalized, system-wide variables that have been carefully picked to not collide with anything else... Arno controls his firewall, and picks his variable names, etc. We "bleed through" our variable names via astlinux.conf, which takes Astlinux variables, and munges their names, formats, etc. into the Arno space very carefully. Example: INT*IP/INT*NM => INTERNAL_NET INT*IF => INT_IF IPSEC_PSK_ASSOCIATIONS => IPSEC_VPN_NETS etc. Darrick Hartman wrote: > Lonnie, > > I think you need to be clear on this. We're trying to encourage users > NOT to directly edit the firewall.conf file, but rather take the > variable (in this case INT_IF_TRUST) and add it to their user.conf file > in /mnt/kd/rc.conf.d/ (or /mnt/kd/rc.conf if using just the single file). > > Also is, there a web interface check box for this option? > > Directly editing the firewall.conf file will require additional work in > the future when migrating to versions of Astlinux starting at 0.7.0 > which uses a new version of Arno's firewall (with incompatible config > files--an issue that we're trying to address now). > > Darrick > > Lonnie Abelbeck wrote: > >> Chris, >> >> Arno's Firewall by default denys traffic between LAN interfaces/subnets. >> >> If you add to your config... >> >> INT_IF_TRUST="eth1 eth2" >> >> should do the trick. >> >> Lonnie >> >> >> >> On Mar 26, 2009, at 5:17 PM, Chris Abnett wrote: >> >> >>> I have 3 Interfaces set up on my Astlinux box as it is also used as >>> my Home router… >>> >>> Eth0 – Internet >>> Eth1 – LAN 1 (172.16.1.0/24) >>> Eth2 – LAN 2 (192.168.100.0/24) >>> >>> I want a device on the network behind eth1 to be able to reach a >>> device that is behind eth2.. say 172.16.1.99 being able to talk to >>> 192.168.100.2 (example) >>> >>> I am using arno’s firewall.. the astlinux box can talk to both >>> devices.. I just cant get the 2 nets to talk to each other.. >>> Any ideas? >>> -Christopher >>> ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
