On 12/13/10 9:36 AM, sond wrote:
> 2010/12/13 Tom Eastep <[email protected]>:
>> On 12/13/10 3:48 AM, sond wrote:
>>
>>
>> In the scenarios covered by that article, firewalling is not required.
>> If you need to firewall traffic to/from the remote hosts, then see
>> http://www.shorewall.net/bridge-Shorewall-perl.html.
>
>
> Thanks Tom for the tip, I've read the link you suggested.
> Some questions arise from the lecture:
>
> 1- In my scenario there's no "net:world" (in zones) and "net" (in
> interfaces) zone because I've only eth0 and no eth1 physical
> interface. Consequently I have no
>
> net:world bport
> net all DROP
> net bport:eth1
>
> in the zones, policy, interfaces configuration files. Right?
> Is it an error to write net/bport:eth0 even though I have a
> loc/bport:eth0 in the interfaces file?
>

FORGET THE NAMES. You have a two-port bridge; that's exactly what the
article has.

> 2- How about PAT? If I want to reach a shared folder inside a LAN host
> with no VPN connection is it possible with this firewall configuration
> to use the DNAT rules in the relative file?

I'm lost. You have a bridge so everything should be in one IP network
and one broadcast domain. Why do you need any form of NAT?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
