What is the web interface reading?? I fixed my issue by editing the /mnt/kd/arno-iptables-firewall/firewall.conf file.
When I go to the web interface and go to the firewall configuration it says there are no rules defined.... please don't tell me I need to start over - ive got a lot of rules.. the immediate issue is fixed.. but what is the *Right* way to admin my machine so that in furute I don't wipe things when I re-compile and upgrade?.. I have been used to using both the Gui and editing the Config files for Asterisk itself using the asterisk-gui and have seen no ill effects.... But does the alt-web interface first read the configs and then populate the web gui or is there a separate database where the gui stores its info and then writes out the configs.. -Christopher -----Original Message----- From: Philip Prindeville [mailto:[email protected]] Sent: Thursday, March 26, 2009 8:56 PM To: AstLinux Users Mailing List Subject: Re: [Astlinux-users] How to route between Internal Interfaces? Arghhh. Not sure we're on the same page. The variables in the firewall.conf space are *not* generalized, system-wide variables that have been carefully picked to not collide with anything else... Arno controls his firewall, and picks his variable names, etc. We "bleed through" our variable names via astlinux.conf, which takes Astlinux variables, and munges their names, formats, etc. into the Arno space very carefully. Example: INT*IP/INT*NM => INTERNAL_NET INT*IF => INT_IF IPSEC_PSK_ASSOCIATIONS => IPSEC_VPN_NETS etc. Darrick Hartman wrote: > Lonnie, > > I think you need to be clear on this. We're trying to encourage users > NOT to directly edit the firewall.conf file, but rather take the > variable (in this case INT_IF_TRUST) and add it to their user.conf file > in /mnt/kd/rc.conf.d/ (or /mnt/kd/rc.conf if using just the single file). > > Also is, there a web interface check box for this option? > > Directly editing the firewall.conf file will require additional work in > the future when migrating to versions of Astlinux starting at 0.7.0 > which uses a new version of Arno's firewall (with incompatible config > files--an issue that we're trying to address now). > > Darrick > > Lonnie Abelbeck wrote: > >> Chris, >> >> Arno's Firewall by default denys traffic between LAN interfaces/subnets. >> >> If you add to your config... >> >> INT_IF_TRUST="eth1 eth2" >> >> should do the trick. >> >> Lonnie >> >> >> >> On Mar 26, 2009, at 5:17 PM, Chris Abnett wrote: >> >> >>> I have 3 Interfaces set up on my Astlinux box as it is also used as >>> my Home router. >>> >>> Eth0 - Internet >>> Eth1 - LAN 1 (172.16.1.0/24) >>> Eth2 - LAN 2 (192.168.100.0/24) >>> >>> I want a device on the network behind eth1 to be able to reach a >>> device that is behind eth2.. say 172.16.1.99 being able to talk to >>> 192.168.100.2 (example) >>> >>> I am using arno's firewall.. the astlinux box can talk to both >>> devices.. I just cant get the 2 nets to talk to each other.. >>> Any ideas? >>> -Christopher >>> ---------------------------------------------------------------------------- -- _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected]. ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
