Hello!

I have installed Shorewall for my LAN firewall.  This is my first firewall 
setup with Shorewall.

It has two real interfaces.

"eth1" is the external interface with a Public IP.

"eth0" is the internal interface with a private IP.
The private IP is 172.16.1.1.  All the machines on the LAN have 172.16.1.X 
addresses.

It all works.  All the machines can access the web and talk to others on the 
LAN.
All the rules I add get applied ok.

I want to set it up to support "guest" machines that plug into the LAN but are 
on a different subnet.

I added the 10.16.1.1 address to the firewall eth0 interface, so it has BOTH 
addresses.

        172.16.1.1
        10.16.1.1

I next connect a machine that has the address 10.16.1.20 to the LAN.

The guest should have full access to & from the internet.
But it should not have access to any of the machines on the 172.16.1.X LAN.

So far, from this machine I can only ping to the router 10.16.1.1.

There is no internet access from it at all.  I cannot even just ping to 
1.1.1.1.

What Shorewall ruleset do I need to just allow this guest access to the 
internet but keep it isolated to its 10.16.1.X segment?

Thanks a lot.

Dave Grolen


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
