On Vendredi 11 Mai 2001 23:14, you wrote :
> functional setup with multiple ethernet cards (the same model and different
> manufactures).
>
> I'm not even close to having a functional firewall with the configuration I
> have. (5x86 clone, 3 eth's, 2.5 gb, 63M, etc.) Installation works except
> for the network configuration. But where can I find some documentation?
>
> Not disappointed, guess I was expecting more from Mandrake.
I haven't seen any reply to this, so I'll answer :-)
You say that the network configuration doesn't work, could you tell us the
exact problems you have (during installation, or from the web interface);
this way we might be able to help you or improve the product in the future.
DMZ are not supported in the current product (obviously you can still hack
manually or add some features to the product yourself, but you can't do it
simply).
For network configuration with several nics (expecially when > 2), there are
a few flaws at different levels (but again the main target was a private
network and a single interface to the internet/external network) :
- the hardware detection part is great for pci nics (at least most of them),
but isa is much more problematic
- when you have several cards, the current code might make it a bit
tricky to be able to configure them. For instance at home I have nearly the
worst case: two isa cards handled by the same "ne" module. I have to choose
the module myself and set the io address for both cards on the *same* line
(that is, I put "0x340,0x300" when I'm asked for "io" during the
installation). This makes loading the module and detect both cards
appropriately. You may have to put this 2 or 3 times because this is not yet
handled correctly, but in the end you manage to configure this. We will have
to improve this part of drakxtools in the future. The web interface is not
really better, except for one part: we present interfaces in a more practical
way, but this is easier to do than at installation time (listing mac
addresses for instance).
- our web tool configuration is currently more targeted at a 2 interfaces
situation (one internal and one external), but we did not prevent other
possibilities; it's just far less tested and less configurable. I think we'll
have to work on a concept of "zones" to make it more extensible and handle
the advanced cases (dmz, vpn, more detailed filters, routing), while using
the 2.4 kernel for its advanced network-related features.
Anyway thanks for the feedback !
Renaud
