Cheers Raylund
----- Original Message ----- From: "Jason Allen" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, December 23, 2004 11:40 AM
Subject: Re: [Security Firewall] MNF Configuration questions
Another rules question.
The web interface is not reading my /etc/shorewall/rules file correctly. Even if I make a change in that file, when I go to the rules section it doesn't display properly. It shows me what it previously had, and doesn't show any of the changes. How can I get it so the interface shows me the actual rules from the rules file?
Jason
Jason Allen wrote:
Ok I have the box up and running, next question... rules. When you go to add custom rule, in the client and server there is a field for "interface,IP or Subnet" .... I'd like to add a rule that applies to multiple IP addresses in a row i.e. 120.x.x.20 - 120.x.x.25. What's the syntax for entering that into the box so MNF will read it and apply the rules correctly?
Jason
Florin wrote:
http://shorewall.net/shorewall_setup_guide.htm#Routed
Jason Allen <[EMAIL PROTECTED]> writes:
OK guys MNF Setup questions. Hopefully someone can help. I have a machine w/ 2 nics and the newest MNF beta2 installed on it. My WAN interface eth0 is configured at let's say 120.x.x.25 (fake address used for an example) and my LAN interface eth1 is configured at 130.x.x.1. This has to be this way due to a "front-porch" setup of our network. Now we have a pretty big network behind the 130.x.x.x network, everything is all set, but the 130.x.x.1 has to be the gateway that machines on the LAN use. How can I route all traffic from 130.x.x.x (LAN) to 120.x.x.25 (WAN) and out while keeping the routability of the addresses behind the LAN? What I mean is we have routable addresses on the LAN, so say I start an ssh session to a machine out in the world. I don't want the machine to see a connection coming from a standard source address, I need it to see the actual IP of that machine (we have a network based billing system). How can I route traffic from eth0 (LAN) to eth1 (WAN) (and vice versa for connections coming from the outside world) successfully via MNF? A Static route? Something different? A Masqerade rule would be something for private addresses like 192.168.x.x but I don't think that would keep the routability in tact (am I correct on that?). Once that is done, I can get all the rules in place.
Can someone help me make this happen? Does it have to be hard-coded in config files? It's kind of a short time scale as the higher-ups would like to get this working tomorrow morning, and I'm just not seeing how to make it happen. Thanks in advance,
Jason
------------------------------------------------------------------------
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
------------------------------------------------------------------------
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
-- Jason Allen Cornell University BRC Computing Facility 157 Biotechnology Bldg. CU Ithaca, NY 14853 (607) 227-6559 http://www.brc.cornell.edu
--------------------------------------------------------------------------------
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
