On Oct 14, 2010, at 3:06 AM, Graham S. Jarvis wrote:

> Hello Lonnie,
>
> This was a case of "take a deep breath" . . .
> I was configuring the routing on the wrong network and pointing my PC at the
> wrong DNS server, so there was no way I'd get across to the other network.
> All is now as required.
>
Ahhh, glad you got your arms around it. :-)

> I'd still like to know the difference between TRUSTED_IF and IF_TRUSTS.

From the AIF firewall.conf file:

# (EXPERT SETTING!) (Other) trusted network interfaces for which ALL IP
# traffic should be ACCEPTED. (multiple(!) interfaces should be space
# separated). Be warned that anything TO and FROM these interfaces is allowed
# (ACCEPTED) so make sure it's NOT routable(accessible) from the outside world
# (internet)! And of course putting one of your external interfaces here would
# be extremely stupid.
# -----------------------------------------------------------------------------
TRUSTED_IF=""

# (EXPERT SETTING!) Put here the interfaces that should trust
# each other (accept forward traffic). You can use | (piping-sign) to create
# seperate interface groups. And (again) of course putting one of your external
# interfaces here would be extremely stupid.
# -----------------------------------------------------------------------------
IF_TRUSTS=""

The latter, IF_TRUSTS, is more selective, particularly when more than two interfaces are defined.

In AstLinux I would not directly use either, but rather the ALLOWLANS, OVPN_ALLOWLAN and OVPNC_ALLOWLAN variables, which indirectly build the AIF IF_TRUSTS variable...

## Allow LAN to LAN traffic for internal interfaces, defaults to disallow
## Space separate "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
## Separate groups using a ~ (tilde)
#ALLOWLANS="INTIF INT2IF"
#ALLOWLANS="INTIF INT2IF~INTIF INT3IF"

## Allow OpenVPN Server tunnel to one LAN Interface, defaults to disallow
## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface
#OVPN_ALLOWLAN="INTIF"

## Allow OpenVPN Client tunnel to one LAN Interface, defaults to disallow
## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface
#OVPNC_ALLOWLAN="INTIF"

If you are using the web interface this is all done for you with check-boxes.
Should you define all three, the resulting IF_TRUSTS can get complicated, but that is a feature of the AstLinux special-sauce.

I know, it is a little confusing. :-)

Lonnie

>
>
> Many thanks for your help!
>
> -Graham-

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
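Added example, not part of the original message and not code from AstLinux or AIF: a shell sketch of how an ALLOWLANS-style value could map onto IF_TRUSTS groups, and which forward pairs the groups then cover, read from the quoted firewall.conf comment ("interfaces that should trust each other", groups separated by |). The interface names eth1/eth2/eth3 and the helpers allowlans_to_if_trusts, trusted_pairs and pair_allowed are assumptions made for illustration.

```shell
#!/bin/sh
# Illustrative sketch only; not code from AstLinux or AIF.
# Constructed interface names standing in for the real settings (assumptions).
INTIF="eth1"; INT2IF="eth2"; INT3IF="eth3"

# Hypothetical helper: turn an ALLOWLANS-style value (names separated by
# spaces, groups by "~") into an IF_TRUSTS-style value (groups by "|").
allowlans_to_if_trusts() (
  out=""
  set -f; IFS='~'
  for group in $1; do
    IFS=' '; g=""
    for name in $group; do
      case "$name" in
        INTIF)  dev=$INTIF ;;
        INT2IF) dev=$INT2IF ;;
        INT3IF) dev=$INT3IF ;;
        *) echo "unknown internal interface: $name" >&2; exit 1 ;;
      esac
      g="${g:+$g }$dev"
    done
    out="${out:+$out|}$g"
  done
  printf '%s\n' "$out"
)

# List each ordered "in>out" pair that shares a group in an IF_TRUSTS value.
# Interfaces in different groups get no pair, which is what makes IF_TRUSTS
# more selective than accepting everything on an interface via TRUSTED_IF.
trusted_pairs() (
  set -f; IFS='|'
  for group in $1; do
    IFS=' '
    for a in $group; do
      for b in $group; do
        [ "$a" = "$b" ] || printf '%s>%s\n' "$a" "$b"
      done
    done
  done | sort -u
)

# Succeeds only if forwarding from $2 to $3 is covered by IF_TRUSTS value $1.
pair_allowed() {
  trusted_pairs "$1" | grep -qxF "$2>$3"
}

trusts=$(allowlans_to_if_trusts 'INTIF INT2IF~INTIF INT3IF')
echo "IF_TRUSTS=\"$trusts\""
trusted_pairs "$trusts"
pair_allowed "$trusts" eth2 eth3 || echo "eth2>eth3: not trusted"
```

With the two-group ALLOWLANS value from the message, the first LAN can reach both of the others while the second and third LANs stay isolated from each other.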