
Setting up VPNs with Shorewall tips from Tom



Tom rulez.

Mike808/

--On Saturday, January 25, 2003 11:08 PM -0600 Bret Hughes 
<bhughes@elevating.com> wrote:

> I have a firewall running Shorewall 1.3.13-1 from rpm on a redhat 7.3
> box.  The box has three nics assigned to zones loc net and dmz.  We also
> have multiple vpn links accomplished via ssh tunnels.  These links all
> come from dynamic IP addresses with known private subnets behind them.
>
> There are basically two types of networks these vpns connect, one with
> access to almost everything and one with very limited ssh and mail only
> access to the loc zone.
>
> The issue that I have is that while I know the internal ip and subnets
> of the hosts on the far end of the tunnels I have no control over the
> interface ppp? that these connections get assigned to.
>
> How can I build rules to not open up everything to all ppp interfaces?
> Everything I have read implies the knowledge of the interface.
>

In /etc/shorewall/zones:

#ZONE	DISPLAY	COMMENTS
z1
z2
z3
z4

In /etc/shorewall/interfaces:

# A zone of "-" means the interface belongs to no single zone; its
# hosts are placed into zones by /etc/shorewall/hosts instead.
#ZONE	INTERFACE	BROADCAST	OPTIONS
-	ppp+	

In /etc/shorewall/hosts:

# Zone membership is decided by interface AND source subnet, so the
# ppp unit number a tunnel happens to get does not matter.
#ZONE	HOST(S)	OPTIONS
z1	ppp+:<remote subnet 1a>[,<remote subnet 1b>, ...]
z2	ppp+:<remote subnet 2a>[,<remote subnet 2b>, ...]
...

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
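The point of Tom's answer is that the hosts file lets Shorewall classify traffic by the pair (interface, source subnet) rather than by interface name alone, which is exactly what a dynamically numbered ppp link needs. The script below is an added example, not part of the original thread and not Shorewall's own code: it re-implements that classification over a constructed hosts table (the zone names follow Tom's z1/z2 layout; the subnets and the eth1 line are invented) so you can see which zone a given packet lands in, and it adds a check a practitioner wants before deploying such a table: two entries in different zones whose interface patterns and subnets overlap. Shorewall's own treatment of a host that sits in two zones depends on zone ordering, so the script only flags the overlap rather than guessing. It also makes the failure mode explicit: on a "-" interface, an address not listed in any hosts entry belongs to no zone, so no zone policy applies to it. Keep in mind that this whole scheme trusts the source address the tunnel peer presents; the ssh tunnel authenticates the peer, but nothing here stops an authenticated peer from sending packets with a source address from a more privileged subnet, so the ppp peer address and any route filtering still matter.

```python
import ipaddress
from typing import Optional

# Constructed sample /etc/shorewall/hosts in the layout from the thread.
# Subnets are invented for this example: z1 is the "access to almost
# everything" VPN population, z2 the "ssh and mail only" one.
SAMPLE_HOSTS = """\
#ZONE   HOST(S)                                 OPTIONS
z1      ppp+:192.168.10.0/24,192.168.11.0/24
z2      ppp+:10.20.0.0/16
z3      eth1:172.16.5.0/24
"""


def iface_matches(pattern: str, iface: str) -> bool:
    """Shorewall wildcard: a trailing '+' matches any interface with that prefix."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface


def parse_hosts(text: str) -> list:
    """Parse hosts-file lines into (zone, interface_pattern, network) entries.

    Only the ZONE and HOST(S) columns are read; the OPTIONS column is ignored
    in this simplified parser.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' begins a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            raise ValueError(f"malformed hosts line: {raw!r}")
        zone, hostspec = fields[0], fields[1]
        iface, nets = hostspec.split(":", 1)
        for net in nets.split(","):
            entries.append((zone, iface, ipaddress.ip_network(net, strict=False)))
    return entries


def zone_for(entries: list, iface: str, src: str) -> Optional[str]:
    """Zone a packet from src arriving on iface is classified into.

    None means the address is in no listed subnet for that interface; on a
    '-' (multi-zone) interface such a host is therefore in no zone at all.
    """
    addr = ipaddress.ip_address(src)
    for zone, pattern, net in entries:
        if iface_matches(pattern, iface) and addr in net:
            return zone
    return None


def patterns_collide(a: str, b: str) -> bool:
    """Could two interface patterns match the same interface name?"""
    if a.endswith("+") and b.endswith("+"):
        pa, pb = a[:-1], b[:-1]
        return pa.startswith(pb) or pb.startswith(pa)
    if a.endswith("+"):
        return b.startswith(a[:-1])
    if b.endswith("+"):
        return a.startswith(b[:-1])
    return a == b


def find_overlaps(entries: list) -> list:
    """Entries in different zones that could both claim the same host."""
    found = []
    for i, (za, ia, na) in enumerate(entries):
        for zb, ib, nb in entries[i + 1:]:
            if za != zb and patterns_collide(ia, ib) and na.overlaps(nb):
                found.append((za, str(na), zb, str(nb)))
    return found


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    # ppp unit numbers are arbitrary; classification depends on the subnet.
    for iface, src in [("ppp3", "192.168.11.7"), ("ppp0", "10.20.1.1"),
                       ("ppp1", "172.16.5.9"), ("ppp1", "192.168.99.1")]:
        print(f"{iface:5} {src:>15} -> {zone_for(table, iface, src)}")
    print("overlapping entries:", find_overlaps(table))
```

Run it as-is to see the sample table classified; feed your own hosts file to parse_hosts and check that find_overlaps comes back empty before you rely on the zone split, since an overlap between the wide-access and limited-access subnets silently decides which policy applies.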