canislupusfamiliaris at gmail.com
Tue Oct 14 10:23:15 CEST 2014
Thank you very much! :-)
On 14 Oct 2014 07:50, "Arno van Amersfoort" <arnova at rocky.eld.leidenuniv.nl>
> This is a fairly simple setup. Just put all of your internal interfaces in
> INT_IF. INT_IF interfaces are shielded from each other by default. Put your
> external interface in EXT_IF (and configure EXT_IF_DHCP_IP etc.). You
> probably also want to enable NAT, enable NAT=1 for this. That's it.
> On 13-Oct-14 20:48, Gene Cooper wrote:
>> Hi Morten,
>> You mean ETH1, right?
>> In previous situations, I have added simple firewall rules to block
>> 10.0.0.0/8 from 10.0.0.0/8. You might need to specify source or
>> destination interfaces, or whatever to make the rules more granular if
>> you need to, but that will mean you need more rules.
>> Also, drop 192.168.0.0/24 from 10.0.0.0/8 plus 10.0.0.0/8 from
>> There's probably a better way and I'm no firewall expert, but it's
>> simple and works. If there is a better way, I'd like to know too. ;-)
>> On 10/13/2014 08:05 AM, Morten wrote:
>>> I have six nics in a server that I will use as a firewall/router.
>>> They are set up like this:
>>> eth0: 192.168.1.0/24
>>> eth1: dhcp (external / internet)
>>> eth2: 10.0.0.0/24
>>> eth3: 10.0.1.0/24
>>> eth4: 10.0.2.0/24
>>> eth5: 10.0.3.0/24
>>> eth6: 10.0.4.0/24
>>> I don't want any of the internal networks to be able to reach each
>>> other, but they should be able to connect to internet through eth2.
>>> How should I set up the configuration file correctly?
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
>>> Arno's (Linux IPTABLES Firewall) Homepage:
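The isolation discussed in this thread, written out as plain iptables rules keyed on interfaces instead of address ranges. This is an added example, not code from the thread or from Arno's IPTABLES Firewall; it assumes eth1 is the external interface (as in the interface list above), and the gen_rules function is a hypothetical helper that only prints commands for review.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables commands that keep internal
# interfaces from reaching each other while letting each one out through
# the external interface with NAT.
# Assumption: interface names are taken from the list in the thread,
# with eth1 as the external interface.
EXT_IF="eth1"
INT_IF="eth0 eth2 eth3 eth4 eth5 eth6"

# gen_rules EXT INT1 INT2 ...  (hypothetical helper, not part of any project)
# Covers forwarded traffic only; the firewall's own INPUT chain is out of scope.
gen_rules() {
    ext="$1"
    shift

    # Replies to connections that were opened from an internal network.
    echo "iptables -A FORWARD -i $ext -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    for src in "$@"; do
        # Explicit drop for every ordered pair of distinct internal interfaces.
        for dst in "$@"; do
            [ "$src" = "$dst" ] && continue
            echo "iptables -A FORWARD -i $src -o $dst -j DROP"
        done
        # Outbound traffic from this internal network to the internet.
        echo "iptables -A FORWARD -i $src -o $ext -j ACCEPT"
    done

    # Anything not matched above, including new inbound connections, is dropped.
    echo "iptables -A FORWARD -j DROP"

    # Source NAT for everything leaving through the external interface.
    echo "iptables -t nat -A POSTROUTING -o $ext -j MASQUERADE"
}

# INT_IF is left unquoted on purpose so each interface becomes one argument.
gen_rules "$EXT_IF" $INT_IF
```

Review the printed commands before applying them; with the six internal interfaces listed, the output contains 30 pairwise drop rules plus the final catch-all.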