Hi, listen, I don't want to be an ass... No really, I don't!

But would the use of shorewall not make it easier? Or even the IPcop distribution? Seriously, I'd like to know the reasoning behind choosing the manual route instead of an easier automated one.

Thanks,
Mark

Bradley Alexander wrote:
> I am trying to configure a firewall, but nailing down the configuration
> is eluding me. The box is running Debian stable. I have tried with
> iproute2 (I'm including a description below), but not gotten the
> intended effect. I have tried the lartc list, to no avail. A friend of
> mine suggested setting up a virtual server for one set of interfaces and
> running the other set on the native machine. Which is the best approach
> to this? Muddling through the iproute2 configuration, or the virtual
> server route? If virtual server, which would be the best one? Qemu? Xen?
> VMware player or server (free as in beer, but not as in speech)?
>
> Basically, I have a rackmount server with six network interfaces (2
> onboard and a quad card). eth0 is the internal network, eth1 is a kiosk
> network, eth2 is a DMZ/wireless network. On the outbound side, eth3 is a
> DSL connection and eth4 is a cablemodem connection.
>
> What I am trying to do is route all internal traffic out the DSL
> connection (eth0 to eth3), and the two DMZs, kiosk and wireless, out the
> cable connection (eth1 and eth2 to eth4). Thus far I have been unable
> to get this to work.
>
> For the sake of the discussion, the internal network is 10.1.1.0/24, the
> kiosk is 172.16.1.0/24 and the dmz/wireless is 192.168.1.0/24. The DSL
> line is 1.2.3.4 and the cable line is 9.8.7.6.
>
> I added the following to rt_tables:
>
> 1 internal
> 2 kiosk
> 3 dmz
>
> then created a script
>
> ip rule add from 10.1.1.0/24 table internal
> ip route add default via 1.2.3.4 dev eth3 table internal
>
> ip rule add from 172.16.1.0/24 table kiosk
> ip route add default via 9.8.7.6 dev eth4 table kiosk
>
> ip rule add from 192.168.1.0/24 table dmz
> ip route add default via 9.8.7.6 dev eth4 table dmz
>
> When I run this script, it does not do what I expect, especially after
> running the firewall rules atop it. I thought I had it nailed, but it
> wasn't working as expected, and I really couldn't test very well.
>
> I'm hoping some kind soul on this list might have a few minutes for an
> email exchange to help me get this sorted out. If so, please email me
> off-list. I'm sure it's probably something that I overlooked, but I'm at
> a loss as to what.
>
> Regards,
> --b

-- 
www: http://menem.mine.nu/blog/
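Worked example, added by the editor and not part of either message above: a complete, dry-run-capable version of the source-based policy routing the thread describes, together with the netfilter rules that normally accompany it. It uses the addressing from the post and assumes that 1.2.3.4 and 9.8.7.6 are the next-hop gateways on eth3 and eth4 (the post only calls them "the DSL line" and "the cable line") and that the rt_tables entries from the post (internal, kiosk, dmz) exist. It goes beyond the quoted script in two places: it adds higher-priority rules that keep traffic between the firewall's own subnets in the main table (a per-source table that holds only a default route would otherwise send LAN-to-DMZ packets to the ISP), and it turns off strict reverse-path filtering on the two uplinks, because a reply arriving on eth4 fails the strict rp_filter check whenever the main table's route back to that source is not eth4. Run with no argument it only prints the commands; `apply` executes them and needs root. The FORWARD policy is a deliberately restrictive starting point: each segment may leave only through its own uplink, return traffic is admitted by connection state, and nothing crosses between segments until a rule for it is added.

```shell
#!/bin/sh
# Multi-homed Debian firewall: LAN out the DSL link, kiosk and DMZ/wireless
# out the cable link. Added example, not the original poster's script.
#   sh policy-route.sh          # print the commands (dry run)
#   sh policy-route.sh apply    # execute them (as root)
set -eu

MODE=${1:-dryrun}

# Addressing from the thread. The gateway addresses are ASSUMED to be the
# ISP next-hop on each link; table names assume the poster's rt_tables entries.
LAN_NET=10.1.1.0/24;     LAN_IF=eth0
KIOSK_NET=172.16.1.0/24; KIOSK_IF=eth1
DMZ_NET=192.168.1.0/24;  DMZ_IF=eth2
DSL_IF=eth3;   DSL_GW=1.2.3.4
CABLE_IF=eth4; CABLE_GW=9.8.7.6

# Execute a command in apply mode, otherwise print it one per line.
run() {
    if [ "$MODE" = apply ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Idempotent rule install: drop an identical rule if present, then add it,
# so re-running the script does not pile up duplicate rules.
rule() {
    run ip rule del "$@" 2>/dev/null || true
    run ip rule add "$@"
}

# One routing table per source network, each holding its own default route.
add_table() { # name gateway interface
    run ip route flush table "$1"
    run ip route add default via "$2" dev "$3" table "$1"
}

setup_policy_routing() {
    run sysctl -q -w net.ipv4.ip_forward=1
    # Replies for connections that left via one uplink come back on that
    # uplink; strict rp_filter compares against the main table and drops
    # them. 0 disables the check on the uplinks (2 = loose mode where the
    # kernel supports it).
    run sysctl -q -w "net.ipv4.conf.$DSL_IF.rp_filter=0"
    run sysctl -q -w "net.ipv4.conf.$CABLE_IF.rp_filter=0"

    add_table internal "$DSL_GW" "$DSL_IF"
    add_table kiosk "$CABLE_GW" "$CABLE_IF"
    add_table dmz "$CABLE_GW" "$CABLE_IF"

    # Rules are consulted in ascending preference. Anything addressed to one
    # of our own subnets is looked up in main (which holds the connected
    # routes) before the per-source rules get a chance to send it to an ISP.
    pref=100
    for net in "$LAN_NET" "$KIOSK_NET" "$DMZ_NET"; do
        rule to "$net" lookup main pref "$pref"
        pref=$((pref + 1))
    done
    rule from "$LAN_NET" lookup internal pref 200
    rule from "$KIOSK_NET" lookup kiosk pref 201
    rule from "$DMZ_NET" lookup dmz pref 202
    run ip route flush cache
}

setup_nat_and_filter() {
    # Hide each network behind the link it leaves on. MASQUERADE rather than
    # SNAT because DSL and cable links often get dynamic addresses.
    run iptables -t nat -F POSTROUTING
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$DSL_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -s "$KIOSK_NET" -o "$CABLE_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -s "$DMZ_NET" -o "$CABLE_IF" -j MASQUERADE

    # Default-deny forwarding. Each segment leaves only through its own
    # uplink, with the source address pinned to the ingress interface so a
    # kiosk host cannot forge a LAN address. Cross-segment traffic stays
    # blocked until a rule is added for it; rejects are logged.
    run iptables -F FORWARD
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$DSL_IF" -j ACCEPT
    run iptables -A FORWARD -i "$KIOSK_IF" -s "$KIOSK_NET" -o "$CABLE_IF" -j ACCEPT
    run iptables -A FORWARD -i "$DMZ_IF" -s "$DMZ_NET" -o "$CABLE_IF" -j ACCEPT
    run iptables -A FORWARD -j LOG --log-prefix "FWD-DROP: "
}

setup_policy_routing
setup_nat_and_filter
```

After applying, `ip rule show` should list the three `to ... lookup main` rules at 100-102 ahead of the `from ...` rules at 200-202, and `ip route show table kiosk` should contain only the cable default route; `ip route get 8.8.8.8 from 172.16.1.10 iif eth1` is the quickest way to confirm a kiosk source is sent out eth4.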