I didn't know I wasn't supposed to edit the firewall.conf file directly.. that is how I have been setting up all my firewall rules... is by editing the file directly....
Setting the int_if trust parameter works like a champ.... thank you for the tip...

As for setting up my networks? I purposely wanted the devices on eth2 on a different subnet than my devices on eth1.. and normally they don't have to talk to each other except when I want to config one of them from a laptop located in the other network... it's done this way purposely....

I'm not real big on using web interfaces for anything and everything... am I really supposed to be using the web interface in this case? Does the interface not go and look at the firewall file and read all of its contents before writing changes?

-Christopher

-----Original Message-----
From: Lonnie Abelbeck [mailto:[email protected]]
Sent: Thursday, March 26, 2009 8:07 PM
To: AstLinux Users Mailing List
Subject: Re: [Astlinux-users] How to route between Internal Interfaces?

On Mar 26, 2009, at 6:31 PM, Darrick Hartman wrote:

> Lonnie,
>
> I think you need to be clear on this. We're trying to encourage users
> NOT to directly edit the firewall.conf file, but rather take the
> variable (in this case INT_IF_TRUST) and add it to their user.conf file
> in /mnt/kd/rc.conf.d/ (or /mnt/kd/rc.conf if using just the single
> file).

Yes, adding to user.conf (Advanced User System Variables) is what I meant.

> Also, is there a web interface check box for this option?

Not for this case. The Firewall tab has a setting that uses the INT_IF_TRUST variable related to OpenVPN...

__ Allow OpenVPN tunnel to the [ 1st LAN Interface ]

It is best if the network is designed so different LANs don't have the need to talk with each other.

Another option is to define a LAN and a DMZ subnet and add DMZ to LAN rules. Which can all be done via the web interface.

The last option is as suggested...
INT_IF_TRUST="eth1 eth2"

Lonnie

> Directly editing the firewall.conf file will require additional work in
> the future when migrating to versions of Astlinux starting at 0.7.0
> which uses a new version of Arno's firewall (with incompatible config
> files--an issue that we're trying to address now).
>
> Darrick
>
> Lonnie Abelbeck wrote:
>> Chris,
>>
>> Arno's Firewall by default denies traffic between LAN interfaces/subnets.
>>
>> If you add to your config...
>>
>> INT_IF_TRUST="eth1 eth2"
>>
>> should do the trick.
>>
>> Lonnie
>>
>> On Mar 26, 2009, at 5:17 PM, Chris Abnett wrote:
>>
>>> I have 3 Interfaces set up on my Astlinux box as it is also used as
>>> my Home router.
>>>
>>> Eth0 - Internet
>>> Eth1 - LAN 1 (172.16.1.0/24)
>>> Eth2 - LAN 2 (192.168.100.0/24)
>>>
>>> I want a device on the network behind eth1 to be able to reach a
>>> device that is behind eth2.. say 172.16.1.99 being able to talk to
>>> 192.168.100.2 (example)
>>>
>>> I am using arno's firewall.. the astlinux box can talk to both
>>> devices.. I just can't get the 2 nets to talk to each other..
>>> Any ideas?
>>> -Christopher
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> Astlinux-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>>
>>> Donations to support AstLinux are graciously accepted via PayPal
>>> to [email protected].
