
Setting up VPNs with Shorewall tips from Tom

Tom rulez.


--On Saturday, January 25, 2003 11:08 PM -0600 Bret Hughes 
<bhughes@elevating.com> wrote:

> I have a firewall running Shorewall 1.3.13-1 from rpm on a Red Hat 7.3
> box.  The box has three NICs assigned to zones loc, net and dmz.  We also
> have multiple vpn links accomplished via ssh tunnels.  These links all
> come from dynamic IP addresses with known private subnets behind them.
> There are basically two types of networks these vpns connect, one with
> access to almost everything and one with very limited ssh and mail only
> access to the loc zone.
> The issue that I have is that while I know the internal IP and subnets
> of the hosts on the far end of the tunnels I have no control over the
> interface ppp? that these connections get assigned to.
> How can I build rules to not open up everything to all ppp interfaces?
> Everything I have read implies the knowledge of the interface.

In /etc/shorewall/zones:


In /etc/shorewall/interfaces:

-	ppp+	

In /etc/shorewall/hosts:

z1	ppp+:<remote subnet 1a>[,<remote subnet 1b>, ...]
z2	ppp+:<remote subnet 2a>[,<remote subnet 2b>, ...]

Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
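An added illustration of what Tom's layout achieves, written for this page and not part of his reply or of Shorewall itself: the ppp+ interface is put in no zone, and the /etc/shorewall/hosts entries assign a zone by remote subnet, so the rule set never needs to know which pppN a tunnel landed on. The script below embeds a constructed hosts file in that format (the subnets 10.1.0.0/16, 10.2.0.0/16 and 192.168.50.0/24, the zone names z1 and z2, and the policy and rules tables are all hypothetical), resolves the zone of a packet from (interface, source address), and then applies rules before policy the way Shorewall does. Addresses on ppp+ that match no hosts entry belong to no zone and are treated as dropped; that and the first-match ordering are simplifications of this example, not a statement of Shorewall's exact behaviour.

```python
"""Resolve which Shorewall zone a ppp+ tunnel peer falls into, by subnet,
and decide ACCEPT/DROP for traffic toward the loc zone.

Example code written for this page; the hosts, policy and rules contents
are constructed placeholders, not a real site's configuration.
"""
import ipaddress

# Constructed /etc/shorewall/hosts in the layout from the reply:
#   zone  interface:subnet[,subnet...]
# 'ppp+' is Shorewall's wildcard for any interface whose name starts with ppp.
HOSTS_FILE = """\
#ZONE   HOST(S)
z1      ppp+:10.1.0.0/16,10.2.0.0/16
z2      ppp+:192.168.50.0/24
"""

# Constructed /etc/shorewall/policy rows: (source zone, dest zone, action).
# z1 peers get everything toward loc; z2 peers get only what the rules allow.
POLICY = [
    ("z1", "loc", "ACCEPT"),
    ("z2", "loc", "DROP"),
    ("all", "all", "DROP"),
]

# Constructed /etc/shorewall/rules rows: (action, src zone, dest zone, proto, port).
# The "ssh and mail only" network from the question: z2 may reach loc on 22 and 25.
RULES = [
    ("ACCEPT", "z2", "loc", "tcp", 22),
    ("ACCEPT", "z2", "loc", "tcp", 25),
]


def iface_matches(pattern, iface):
    """Shorewall-style interface match: a trailing '+' is a prefix wildcard."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return iface == pattern


def parse_hosts(text):
    """Turn the hosts file into (zone, interface pattern, network) entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        zone, spec = line.split()
        iface, nets = spec.split(":", 1)
        for net in nets.split(","):
            entries.append((zone, iface, ipaddress.ip_network(net)))
    return entries


HOSTS = parse_hosts(HOSTS_FILE)


def zone_for(iface, src_ip):
    """Zone of a packet seen on `iface` from `src_ip`, or None if it is in no zone.

    First matching hosts entry wins (a simplification of this example).
    """
    addr = ipaddress.ip_address(src_ip)
    for zone, pattern, net in HOSTS:
        if iface_matches(pattern, iface) and addr in net:
            return zone
    return None


def decide(iface, src_ip, dst_zone, proto, dport):
    """Rules are consulted before policy, as Shorewall does; no zone means DROP."""
    src_zone = zone_for(iface, src_ip)
    if src_zone is None:
        return "DROP"  # assumption of this example: a peer in no zone gets nothing
    for action, sz, dz, p, port in RULES:
        if sz == src_zone and dz == dst_zone and p == proto and port == dport:
            return action
    for sz, dz, action in POLICY:
        if sz in (src_zone, "all") and dz in (dst_zone, "all"):
            return action
    return "DROP"


if __name__ == "__main__":
    # Whatever pppN the tunnel got, only the remote subnet decides the zone.
    for iface, ip, port in [("ppp3", "10.1.2.5", 80), ("ppp0", "192.168.50.3", 22),
                            ("ppp0", "192.168.50.3", 80), ("ppp1", "172.16.0.9", 22)]:
        print(iface, ip, "->", zone_for(iface, ip), decide(iface, ip, "loc", "tcp", port))
```

The point to check in a real deployment is the negative cases: a tunnel peer whose subnet is not listed in the hosts file, or a listed subnet arriving on the wrong interface, must not inherit z1's permissive policy. After editing the real files, running `shorewall check` before `shorewall restart` catches syntax errors in these tables.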


To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.