sorry, that's simon not aimon ;)
>
>
> aimon, thanx.
>
> the switch though must still be vlan capable or even basic taiwanese switches
> will do?
>
> >
> > Linux Advocate wrote:
> >
> > >i thought vlans could only be done by switches, not by shorewall.
> > >can't seem to find the doc page about vlan setup at the shorewall
> > >site. or is the vlan setup done in the OS and not thru shorewall?
> >
> > The setup is done in the OS, for example, this is a snippet from a
> > Debian /etc/network/interfaces file :
> >
> > >auto ethint
> > >iface ethint inet static
> > > address 10.1.1.1
> > > netmask 255.255.255.0
> > > vlan_raw_device ethint
> > > up echo "Name-Type: VLAN_NAME_TYPE_PLUS_VID_NO_PAD" > /proc/net/vlan/config
> > >
> > >
> > >auto vlan101
> > >iface vlan101 inet static
> > > address 10.1.101.1
> > > netmask 255.255.255.0
> > > vlan_raw_device ethint
> > > up echo 1 > /proc/sys/net/ipv4/conf/vlan101/arp_filter
> > > up echo 2 > /proc/sys/net/ipv4/conf/vlan101/arp_ignore
> > > up echo 1 > /proc/sys/net/ipv4/conf/vlan101/rp_filter
> > >
> > >
> > >auto vlan102
> > >iface vlan102 inet static
> > > address 10.1.102.1
> > > netmask 255.255.255.0
> > > vlan_raw_device ethint
> > > up echo 1 > /proc/sys/net/ipv4/conf/vlan102/arp_filter
> > > up echo 2 > /proc/sys/net/ipv4/conf/vlan102/arp_ignore
> > > up echo 1 > /proc/sys/net/ipv4/conf/vlan102/rp_filter
> >
> >
> > Then for the Shorewall config.
> > Interfaces :
> > >net ethext detect tcpflags,routefilter,nosmurfs,logmartians,arp_filter,arp_ignore=1
> > >tech ethint detect tcpflags,detectnets,nosmurfs,routeback,dhcp,routefilter,arp_filter,arp_ignore=2
> > >cust vlan+ detect tcpflags,nosmurfs,routeback,dhcp
> >
> > zones:
> > >fw firewall
> > >net ipv4
> > >tech ipv4
> > >cust ipv4
> >
> > and configure your policies and rules as required
> >
> > For this particular box, I configured the native ethint to be a
> > 'tech' subnet with things like the network switches and any shared
> > services (eg DNS). One VLAN was allocated to each tenant, with DHCP,
> > DNS, etc. all provided. Policies were set to block everything except
> > cust->net, and then permit only those other connections (eg cust ->
> > tech for DNS) required for things to work.
> >
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
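
Added example (not part of the thread, and not Shorewall's own code): every tenant VLAN in the quoted setup lands in the single zone cust (interface vlan+), so tenant-to-tenant traffic is cust->cust, which Shorewall accepts by default unless the policy file names the zone in both columns. The script below is a simplified model of that policy lookup; both policy files are constructed, using the zone names from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Simplified model of Shorewall policy
# selection: first matching line wins; zone-to-itself traffic is ACCEPT unless
# a line names that zone in both columns ("all" does not override it).

# Constructed policy matching the description: cust->net allowed, rest blocked.
policy_as_described() {
cat <<'EOF'
#SOURCE  DEST  POLICY  LOGLEVEL
cust     net   ACCEPT
all      all   REJECT  info
EOF
}

# Same policy plus an explicit intra-zone entry for the shared tenant zone.
policy_isolated() {
cat <<'EOF'
#SOURCE  DEST  POLICY  LOGLEVEL
cust     net   ACCEPT
cust     cust  DROP    info
all      all   REJECT  info
EOF
}

# effective_policy SRC DST  (policy text on stdin): prints the policy applied.
effective_policy() {
    awk -v s="$1" -v d="$2" '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        s == d && !($1 == s && $2 == d) { next }      # intra-zone needs explicit entry
        ($1 == s || $1 == "all") && ($2 == d || $2 == "all") { print $3; hit = 1; exit }
        END { if (!hit) print (s == d ? "ACCEPT" : "UNDEFINED") }
    '
}

# vlan101 and vlan102 both belong to zone "cust" (interface vlan+), so
# tenant-to-tenant traffic is cust->cust.
echo "as described : cust->cust $(policy_as_described | effective_policy cust cust)"
echo "with override: cust->cust $(policy_isolated | effective_policy cust cust)"
echo "cust->tech default: $(policy_isolated | effective_policy cust tech)"
```

The cust->tech default of REJECT is what makes the explicit DNS rule mentioned in the thread necessary.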