On Wed, 27 Sep, 2006 at 07:53:01 +0100, B.Weber@warwick.ac.uk wrote:
<snip>
my question is,
how do I tell my SuSEFirewall to separate the traffic for the 3 links? I want the Windows server to sit behind the firewall, probably in a DMZ, but its traffic should only pass through one of the other 2 links.
You can load additional custom rules into SuSEfirewall2 using the /etc/sysconfig/scripts/SuSEfirewall2-custom file, after enabling it in /etc/sysconfig/SuSEfirewall2.
True.
I'm not entirely sure if I understand your question correctly,
Me neither... :P <snip>
The methods for doing such things are described in full at lartc.org; I suggest you read there.
Sound advice, but
------
<big snip>

In general... If you want to do complicated routing/firewalling, but for some reason aren't up to the task of understanding iptables... Replace SuSEfirewall with Shorewall.

It's been a while since I last did anything serious with Shorewall (if you don't count setting up proxyarping for use with my new ISP) and I'm not sure where it's at these days, but: Anything involving three WAN links, DMZ, server, LAN, and the rules to control all that, *will* inherently become somewhat complicated.

What Shorewall does is substitute the horrors^H^H^H^H^H^H^H complexity of iptables for a very comprehensive and supremely well documented set of configuration files. Basically Shorewall is vastly more capable than SuSEfirewall is, but still manages to be human readable, which raw iptables (IMHO) is not.

HTH
/Jon
--
YMMV