Hi,

I need some help... I'm a beginner with Shorewall.



I have two shorewall firewalls, each with a link.


FW (a) - w/ openVPN
eth0 = 192.168.150.5/24
eth1 = 192.168.200.5/24
eth2 = public IP
eth3 = 192.168.120.5/24
tun240 = 10.240.255.1

/etc/shorewall/zones
all zones declared as ipv4

/etc/shorewall/interfaces
#ZONE   INTERFACE       BROADCAST       OPTIONS
tlm     eth0            detect          routefilter,tcpflags,dhcp
adm     eth1            detect          routefilter,tcpflags,dhcp
net     eth2            detect          norfc1918,tcpflags,routefilter
sis     eth3            detect          routefilter,tcpflags
l240    tun240          -


/etc/shorewall/tunnels
#TYPE                   ZONE    GATEWAY         GATEWAY
#                                               ZONE
openvpn:3865            net     122.x.y.120
openvpn:3845            net     222.x.y.93

/etc/shorewall/hosts
#ZONE   HOST(S)                                 OPTIONS
layer240     tun240:192.168.240.0/24



FW(b) - w/ openVPN
eth0 = 192.168.100.5/24
eth1 = 192.168.200.6/24    # It's running on the same network as FW(a)
eth2 = public IP
tun190 = 10.190.255.1

/etc/shorewall/zones
all zones declared as ipv4

/etc/shorewall/interfaces
#ZONE   INTERFACE       BROADCAST       OPTIONS
gar     eth0            detect          routefilter,tcpflags,dhcp
tlm     eth1            detect          routefilter,tcpflags,dhcp
net     eth2            detect          norfc1918,tcpflags,routefilter
nfp     tun190          -

/etc/shorewall/tunnels
#TYPE                   ZONE    GATEWAY         GATEWAY
#                                               ZONE
openvpn:3875            net     202.x.y.115


/etc/shorewall/hosts
#ZONE   HOST(S)                                 OPTIONS
nfp     tun190:192.168.1.0/24,192.168.168.0/24    # Is this correct? How can I list two networks?



My questions are:

1) In FW(b), /etc/shorewall/hosts, is my configuration correct?
2) How can I make a rule to allow a remote VPN to connect to both firewalls?
3) For all internal networks ('adm', 'sis', 'tlm' and 'gar'), the proxy service is running at FW(a), and access to the 'nfp' zone/network is running at FW(b).
    3a) I need, from FW(a)'s 'adm' zone, to make a rule to redirect (use), via FW(b), the route and VPN to the 'nfp' zone.
    3b) I need, from FW(b)'s 'tlm' zone, to make a rule to redirect (use), at FW(a), the proxy service.


I'm sorry, but I need your help.


Best Regards,
Anderson Watanabe


_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
