[Firewall] Question

Lonnie Abelbeck lists at lonnie.abelbeck.com
Thu Oct 16 01:00:28 CEST 2014


Hi Morten,

AIF comes with the "traffic-shaper" plugin; set SHAPER_IF to the interface(s) (typically the external) to act upon.

https://raw.githubusercontent.com/arno-iptables-firewall/aif/master/etc/arno-iptables-firewall/plugins/traffic-shaper.conf

Lonnie


On Oct 15, 2014, at 5:01 PM, Morten <canislupusfamiliaris at gmail.com> wrote:

> Hi again.
> 
> Is it possible to set a speed limit to the internet for traffic that comes from one of the NICs, or do I have to use something other than Arno to do that?
> 
> Regards,
> Morten
> 
> On 14 Oct 2014 10:23, "Morten" <canislupusfamiliaris at gmail.com> wrote:
> Thank you very much!:-)
> 
> On 14 Oct 2014 07:50, "Arno van Amersfoort" <arnova at rocky.eld.leidenuniv.nl> wrote:
> This is a fairly simple setup. Just put all of your internal interfaces in INT_IF. INT_IF interfaces are shielded from each other by default. Put your external interface in EXT_IF (and configure EXT_IF_DHCP_IP etc.). You probably also want to enable NAT; enable NAT=1 for this. That's it.
> 
> a.
> 
> On 13-Oct-14 20:48, Gene Cooper wrote:
> Hi Morten,
> 
> You mean ETH1, right?
> 
> In previous situations, I have added simple firewall rules to block
> 10.0.0.0/8 from 10.0.0.0/8.  You might need to specify source or
> destination interfaces, or whatever to make the rules more granular if
> you need to, but that will mean you need more rules.
> 
> Also, drop 192.168.0.0/24 from 10.0.0.0/8 plus 10.0.0.0/8 from
> 192.168.0.0/24.
> 
> There's probably a better way and I'm no firewall expert, but it's
> simple and works.  If there is a better way, I'd like to know too.  ;-)
> 
> Thanks,
> 
> G
> 
> On 10/13/2014 08:05 AM, Morten wrote:
> Hi!
> 
> I have six nics in a server that I will use as a firewall/router.
> They are setup like this:
> 
> eth0: 192.168.1.0/24
> eth1: dhcp (external / internet)
> eth2: 10.0.0.0/24
> eth3: 10.0.1.0/24
> eth4: 10.0.2.0/24
> eth5: 10.0.3.0/24
> eth6: 10.0.4.0/24
> 
> I don't want any of the internal networks to be able to reach each
> other, but they should be able to connect to internet through eth2.
> 
> How should I set up the configuration file correctly?
> 
> Regards,
> Morten
> 
> 
> 
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
> 
> 


