On Wed, 7 Mar 2007, John Andersen wrote:
On Tuesday 06 March 2007, Jon Clausen wrote:
I'm by no means an iptables authority, and I'll probably never become one either.
But Tom Eastep (Shorewall author) is. The guy is a wizard, and really knows his stuff. I've been using shorewall for years on Suse and now also on Kubuntu.
Whatever you do, READ the QUICK START GUIDES. It will save so much time.
Every site I maintain does egress filtering with Shorewall. Especially for port 25.
Could I get a sample of some of your configs? My main problem is as such.
I have SuSEfirewall working but complains from yast. I would like to look
at shorewall, but I have not gotten configs correct.
I have a Class C network and all machines I want visible to the world are
on it. I also have part of another Class C that I share with others.
So I have a machine with three network cards as my router/firewall. Here
is a diagram that shows the network. Most machines have two NICs, public and
private.
Internet Internet
| |
| X.X.X.X Partial Class C | Download Dynamic IP
| Y.Y.Y.Y Full Class C |__
| |
| System System |
| shared shared | DHCP IP
| storage storage |
--------- --------- --------- ---------
| | | | | | | |
| |---+ | | | | | |
| 1 | |P | 2 | | 3 | | 4 |
| | |B | | | | | |
| | | | | | | | |
| | |I | | | | | |
--------- |P --------- --------- ---------
| | | | |
| --------- | | |
| | HUB/ |-----------------+----------------+----
| | Switch| | | | |
| --------- | | | |
| | | Other Systems
| 192.168.x.x | | Unix/Linux
| | |
| & MS Machines | | MS Masqueraded
---------- --------- --------- ---------
| HUB/ |-+ | | | | | |
| Switch | | | | | | | |
---------- | | 5 | | 6 | | 7 |...
+----| | | | | |
| | | | | | |
| --------- --------- ---------
+--------|---------------|---------------|
--
Boyd Gerber