On Saturday 06 February 2010, Christopher Howard elucidated thus:
> > Are you using Shorewall? That always makes it a lot easier. I can
> > even send you my config files if you want.
> >
> > j
>
> Never even heard of it before I googled it two seconds ago.
Oh, read up on it. It makes network and firewall configuration so much
easier. Define your zones, associate those zones with interfaces, tell
shorewall which traffic to allow between which zones, and away you go.
You can go a whole lot more complex than that, of course, but the
basics are pretty easy. And a whole lot easier than straight iptables,
because Shorewall resolves all the dependencies, rule order, etc. I've
used it for years on my internet-sharing setups, and currently have it
set up on a wan/lan/dmz setup and it works great. Oh, and read up on
Proxy ARP: sweet little capability.
j
-- Joshua Kugler Part-Time System Admin/Programmer http://www.eeinternet.com PGP Key: http://pgp.mit.edu/ ID 0x14EA086E --------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.Received on Sat Feb 6 13:41:04 2010
This archive was generated by hypermail 2.1.8 : Sat Feb 06 2010 - 13:41:04 AKST