On 12/13/2010 03:12 PM, sond wrote:
> 2010/12/13 Tom Eastep <[email protected]>:
>> On 12/13/10 9:36 AM, sond wrote:
>>
>> FORGET THE NAMES. You have a two-port bridge; that's exactly what the
>> article has.
>>
>
> Ok I'm sorry. My fault, my thoughts were confused.
> I have the portA (link layer interface eth0) and portB (link layer
> interface tap0).
> I hope I'm ok with this basic configuration. Can you check it out?
>
> world br0 192.168.100.255 bridge,routeback
> net br0:eth0
> loc br0:tap0
>
> fw firewall
> world ipv4
> net:world bport
> vpn:world bport
>
> vpn net ACCEPT
> net vpn ACCEPT
> net world ACCEPT
> world net ACCEPT
> net all DROP info
> all all REJECT info

I can't possibly comment about the policies without knowing what type of
security you want to enforce.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
