Philip,

From the 'astlinux.shim' file:

# In this shim, we're invoked after /etc/arno-iptables-firewall/firewall.conf
# has been read. We then read /etc/rc.conf, and paste in variables from
# the latter file that should override whatever values were configured in
# firewall.conf. Reason being that it should be easy to swap between
# arno-iptables-firewall and astfw (and back again) with fewer values to
# reconfigure.

We are on the same page. What I posted does work (adding variables to
rc.conf that are found in firewall.conf). The goal is to get people to
NOT manually edit the firewall.conf file in /mnt/kd/arno-iptables-firewall
at all.

Darrick

Philip Prindeville wrote:
> Arghhh.
>
> Not sure we're on the same page.
>
> The variables in the firewall.conf space are *not* generalized,
> system-wide variables that have been carefully picked to not collide
> with anything else... Arno controls his firewall, and picks his
> variable names, etc.
>
> We "bleed through" our variable names via astlinux.conf, which takes
> Astlinux variables, and munges their names, formats, etc. into the Arno
> space very carefully.
>
> Example:
>
> INT*IP/INT*NM => INTERNAL_NET
>
> INT*IF => INT_IF
>
> IPSEC_PSK_ASSOCIATIONS => IPSEC_VPN_NETS
>
> etc.
>
>
> Darrick Hartman wrote:
>> Lonnie,
>>
>> I think you need to be clear on this. We're trying to encourage users
>> NOT to directly edit the firewall.conf file, but rather take the
>> variable (in this case INT_IF_TRUST) and add it to their user.conf file
>> in /mnt/kd/rc.conf.d/ (or /mnt/kd/rc.conf if using just the single file).
>>
>> Also, is there a web interface check box for this option?
>>
>> Directly editing the firewall.conf file will require additional work in
>> the future when migrating to versions of Astlinux starting at 0.7.0
>> which uses a new version of Arno's firewall (with incompatible config
>> files--an issue that we're trying to address now).
>>
>> Darrick
>>
>> Lonnie Abelbeck wrote:
>>
>>> Chris,
>>>
>>> Arno's Firewall by default denies traffic between LAN interfaces/subnets.
>>>
>>> If you add to your config...
>>>
>>> INT_IF_TRUST="eth1 eth2"
>>>
>>> should do the trick.
>>>
>>> Lonnie
>>>
>>>
>>> On Mar 26, 2009, at 5:17 PM, Chris Abnett wrote:
>>>
>>>> I have 3 Interfaces set up on my Astlinux box as it is also used as
>>>> my Home router…
>>>>
>>>> Eth0 – Internet
>>>> Eth1 – LAN 1 (172.16.1.0/24)
>>>> Eth2 – LAN 2 (192.168.100.0/24)
>>>>
>>>> I want a device on the network behind eth1 to be able to reach a
>>>> device that is behind eth2.. say 172.16.1.99 being able to talk to
>>>> 192.168.100.2 (example)
>>>>
>>>> I am using Arno’s firewall.. the astlinux box can talk to both
>>>> devices.. I just can't get the 2 nets to talk to each other..
>>>> Any ideas?
>>>> -Christopher
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> [email protected].
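The override step the shim comment describes (firewall.conf is read first, then selected rc.conf values win) worked through as an added POSIX sh example. This is not the astlinux.shim code itself: the `apply_overrides` function, the whitelist in `OVERRIDE_VARS`, the temporary file paths and the two config fragments are all constructed for the demo. The whitelist is the point Philip raises in the thread: only names that are meant to cross into Arno's namespace are copied over, so an unrelated rc.conf setting cannot bleed into firewall.conf's variable space.

```shell
#!/bin/sh
# Added example, not the astlinux.shim code. Demonstrates: source
# firewall.conf, then let a whitelisted set of rc.conf variables override it.

# Assumption for this demo: only these names are allowed to cross from
# rc.conf into the firewall configuration (the shim's "paste in" step).
OVERRIDE_VARS="INT_IF INT_IF_TRUST"

# apply_overrides FIREWALL_CONF RC_CONF
# Reads FIREWALL_CONF into the current shell, then, for each whitelisted
# name that RC_CONF sets to a non-empty value, replaces the firewall.conf
# value with the rc.conf one. Everything else in rc.conf stays out.
apply_overrides() {
    fw="$1"; rc="$2"
    . "$fw"
    for v in $OVERRIDE_VARS; do
        # Evaluate rc.conf in a subshell so only the one value comes back.
        val=$(. "$rc" >/dev/null 2>&1; eval "printf '%s' \"\${$v}\"")
        if [ -n "$val" ]; then
            eval "$v=\"\$val\""
        fi
    done
}

# Writes two constructed config fragments into a temp dir and prints its path.
make_demo_configs() {
    dir=$(mktemp -d)
    # Constructed firewall.conf: LAN-to-LAN traffic denied (empty trust list).
    cat > "$dir/firewall.conf" <<'EOF'
INT_IF="eth1 eth2"
INT_IF_TRUST=""
EXT_IF="eth0"
EOF
    # Constructed rc.conf: the one-line fix from the thread plus a setting
    # that must NOT leak into the firewall namespace.
    cat > "$dir/rc.conf" <<'EOF'
INT_IF_TRUST="eth1 eth2"
SOME_OTHER_SETTING="should-not-leak"
EOF
    echo "$dir"
}

# Runs the override and prints INT_IF|INT_IF_TRUST|EXT_IF|leak-check.
demo() {
    d=$(make_demo_configs)
    apply_overrides "$d/firewall.conf" "$d/rc.conf"
    rm -rf "$d"
    printf '%s|%s|%s|%s\n' "$INT_IF" "$INT_IF_TRUST" "$EXT_IF" \
        "${SOME_OTHER_SETTING:-unset}"
}

demo
```

Running it prints `eth1 eth2|eth1 eth2|eth0|unset`: INT_IF survives from firewall.conf because rc.conf does not set it, INT_IF_TRUST is taken from rc.conf, and the non-whitelisted rc.conf setting never reaches the firewall environment.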
