Hello,
I would appreciate any feedback/suggestions on my Shorewall configuration for a
standalone laptop Debian Squeeze configuration for ppp0 and wlan0, set out
below:
------------------
My current system:
------------------
I have successfully configured Shorewall 4.4.11.6 on my standalone Debian
Squeeze laptop for a ppp0 (Mobile broadband) connection using GNOME PPP, works
great (refer to bottom of this message for 'ip addr show' and 'ip route show'
outputs), using the following:
/etc/ppp/ip-up.d/mobile:
#!/bin/sh
# Restart Shorewall each time the PPP link comes up
/sbin/shorewall restart
(Refer: http://sourceforge.net/mailarchive/message.php?msg_id=19774645 )
/etc/shorewall/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 - tcpflags,logmartians,nosmurfs
/etc/default/shorewall:
startup=0
wait_interface="ppp0"
-----------------------
What I'm wanting to do:
-----------------------
I want to configure Shorewall to work with my ppp0 and wlan0 connections. I
will use one or the other connection at a time, but I will only be connecting
once the desktop is loaded using Wicd.
I have followed the instructions at http://shorewall.net/Laptop.html , and
added the following to:
/etc/shorewall/interfaces:
net wlan0 detect dhcp,tcpflags,logmartians,nosmurfs
-----------------------------------
My concerns with the current setup:
-----------------------------------
1. My understanding is that when a connection goes up, shorewall needs to be
restarted. I have got that covered for my ppp0 connection in
/etc/ppp/ip-up.d/mobile (refer "My current setup" above) but assume I have to
do the same with wireless connections by copying:
/etc/ppp/ip-up.d/mobile
TO:
/etc/wicd/scripts/postconnect/mobile
(Refer: http://wicd.sourceforge.net/moinmoin/Adding%20pre%20and%20post%20%28dis%29connection%20scripts )
If anyone can confirm or trash my understanding and/or assumption on this I
would appreciate it.
2. I have read in passing posts about Shorewall that there is a slight delay
between connecting to a network and Shorewall restarting. Is this a significant
security issue or is there a way around it?
Thank you in advance for any advice/assistance you can give on my setup.
Cheers,
Toby
--------------------------
/sbin/shorewall version
4.4.11.6
--------------------------
ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0d:93:59:48:54 brd ff:ff:ff:ff:ff:ff
4: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 00:11:24:26:bd:57 brd ff:ff:ff:ff:ff:ff
11: usbpn0: <POINTOPOINT,NOARP> mtu 65541 qdisc noop state DOWN qlen 3
    link/[820] 1b peer 00
    family 35 ???/0 scope link
12: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp
    inet 118.149.24.25 peer 10.6.6.6/32 scope global ppp0
--------------------------
ip route show
10.6.6.6 dev ppp0 proto kernel scope link src 118.149.24.25
default dev ppp0 scope link
--------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
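
Added example, not part of the original post and not code from Shorewall or Wicd: one hook script that could be installed both as /etc/ppp/ip-up.d/mobile and as /etc/wicd/scripts/postconnect/mobile, and that restarts Shorewall only when the interface that came up has a zone in /etc/shorewall/interfaces. It assumes Debian's pppd wrapper exports PPP_IFACE, that Wicd passes the connection type as the first argument, and that the wireless interface is wlan0; the function names and the SHOREWALL, SW_INTERFACES and WIFI_IFACE variables are hypothetical.

```sh
#!/bin/sh
# Added example: shared connection hook for pppd (ip-up.d) and Wicd (postconnect).
# Assumptions: PPP_IFACE is exported by Debian's /etc/ppp/ip-up wrapper;
# Wicd passes "wireless" or "wired" as $1; the wireless interface is wlan0.
SHOREWALL=${SHOREWALL:-/sbin/shorewall}
SW_INTERFACES=${SW_INTERFACES:-/etc/shorewall/interfaces}
WIFI_IFACE=${WIFI_IFACE:-wlan0}

# Print the interface that just came up, or nothing if it cannot be determined.
iface_for_event() {
    if [ -n "${PPP_IFACE:-}" ]; then
        echo "$PPP_IFACE"
    elif [ "${1:-}" = "wireless" ]; then
        echo "$WIFI_IFACE"
    fi
}

# Print the zone the interfaces file assigns to interface $1 (empty if none).
# Columns are ZONE INTERFACE BROADCAST OPTIONS; '#' starts a comment;
# a trailing '+' in the INTERFACE column is a wildcard (ppp+ matches ppp0).
zone_of() {
    awk -v want="$1" '
        { sub(/#.*/, "") }
        NF >= 2 {
            n = $2
            if (n == want || (sub(/[+]$/, "", n) && index(want, n) == 1)) {
                print $1; exit
            }
        }
    ' "$SW_INTERFACES"
}

# Restart Shorewall for an interface it has a zone for.
# Does nothing when no interface can be determined; logs and returns 1
# when the interface is up but has no zone in the interfaces file.
hook_main() {
    iface=$(iface_for_event "$@")
    [ -n "$iface" ] || return 0
    zone=$(zone_of "$iface")
    if [ -z "$zone" ]; then
        logger -t shorewall-hook "$iface is up but not in $SW_INTERFACES" 2>/dev/null || true
        return 1
    fi
    "$SHOREWALL" restart
}

hook_main "$@"
```

The unlisted-interface branch is the part worth watching: an interface that comes up without a zone entry is reported in syslog under the shorewall-hook tag.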