shorewall-users June 2011 archive

[Shorewall-users] Shorewall bridge (newbridge) configuration

From: David Rayner <dave_rayner_at_nospam>
Date: Mon Jun 06 2011 - 17:02:53 GMT
To: <shorewall-users@lists.sourceforge.net>

I have configured a Fedora 15 installation to operate as a two interface
bridge.

I have followed the instructions from
http://www.shorewall.net/3.0/NewBridge.html and configured Shorewall, but
can't seem to restrict traffic from a PC within the net zone.

The local zone and net zone PCs share the same IP subnet, 192.168.7.x, but
when the firewall is started I can still ping from the PC (192.168.7.116) on
the net zone to any PC on the local zone.

The IP addresses seem correctly assigned to the correct zones. If I try to
ping from the bridge to the PC on the net zone I receive fw2net messages in
the log, and fw2loc when pinging a PC on the local zone.

It appears I am missing something; any pointers would be appreciated.

See below for my config:

Hosts:
#ZONE HOST(S) OPTIONS
loc br0:192.168.7.0/24!192.168.7.116

Rules:
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
loc net ACCEPT
net all DROP info
All all REJECT info

Interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net br0 192.168.7.255

Zones:
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
loc:net ipv4

Thanks in advance
David
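As an added illustration (it is not part of David's post, nor Shorewall's own code), the following Python script models how the posted hosts, interfaces and policy tables are expected to classify a packet crossing br0. The table labelled "Rules" in the post carries the column headers of a Shorewall policy file, so the model treats it as the policy table. The model is deliberately simplified and is an assumption of this example: a hosts entry that includes an address and does not exclude it takes precedence over the interface's zone, the first matching policy row decides, and zone names in the policy table are folded to lower case so the "All all REJECT" row parses. Running it shows what the poster expected: 192.168.7.116 lands in net, every other 192.168.7.x host in loc, and net to loc falls to the DROP policy. A ping that nevertheless succeeds is therefore not explained by the policy table as written, which narrows the search to whether the bridged frames actually reach the filter.

```python
import ipaddress

# Constructed copies of the tables quoted in the post (Shorewall 3.x column layout).
HOSTS = """\
#ZONE HOST(S) OPTIONS
loc br0:192.168.7.0/24!192.168.7.116
"""

INTERFACES = """\
#ZONE INTERFACE BROADCAST OPTIONS
net br0 192.168.7.255
"""

POLICY = """\
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
loc net ACCEPT
net all DROP info
All all REJECT info
"""


def _rows(table):
    """Yield the whitespace-split fields of each non-empty, non-comment line."""
    for line in table.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()


def parse_hosts(table):
    """Return (zone, interface, include_nets, exclude_nets) per hosts row.

    The HOST(S) column has the form iface:net[,net...][!excl[,excl...]].
    """
    entries = []
    for fields in _rows(table):
        zone, spec = fields[0], fields[1]
        iface, _, nets = spec.partition(":")
        inc, _, exc = nets.partition("!")
        include = [ipaddress.ip_network(n, strict=False) for n in inc.split(",") if n]
        exclude = [ipaddress.ip_network(n, strict=False) for n in exc.split(",") if n]
        entries.append((zone, iface, include, exclude))
    return entries


def parse_interfaces(table):
    """Map interface name -> zone from the interfaces table."""
    return {fields[1]: fields[0] for fields in _rows(table)}


def parse_policy(table):
    """Return (source_zone, dest_zone, action) per policy row, case-folded (model assumption)."""
    return [(f[0].lower(), f[1].lower(), f[2]) for f in _rows(table)]


def zone_of(ip, iface, hosts, interfaces):
    """Classify an address seen on `iface` (simplified model, not Shorewall's compiler).

    A hosts entry on the same interface that includes the address and does not
    exclude it wins; otherwise the zone assigned to the interface applies.
    """
    addr = ipaddress.ip_address(ip)
    for zone, h_iface, include, exclude in hosts:
        if h_iface != iface:
            continue
        if any(addr in n for n in include) and not any(addr in n for n in exclude):
            return zone
    return interfaces.get(iface, "-")


def policy_for(src_zone, dst_zone, policy):
    """First policy row whose SOURCE and DEST match, with 'all' as a wildcard."""
    for src, dst, action in policy:
        if src in (src_zone, "all") and dst in (dst_zone, "all"):
            return action
    return None


def classify_flow(src_ip, dst_ip, iface="br0"):
    """Return (source_zone, dest_zone, policy_action) for a flow crossing `iface`."""
    hosts = parse_hosts(HOSTS)
    interfaces = parse_interfaces(INTERFACES)
    policy = parse_policy(POLICY)
    src_zone = zone_of(src_ip, iface, hosts, interfaces)
    dst_zone = zone_of(dst_ip, iface, hosts, interfaces)
    return src_zone, dst_zone, policy_for(src_zone, dst_zone, policy)


if __name__ == "__main__":
    # The ping described in the post: the net-zone PC towards a loc-zone PC.
    for src, dst in [("192.168.7.116", "192.168.7.10"), ("192.168.7.10", "192.168.7.116")]:
        s, d, action = classify_flow(src, dst)
        print(f"{src} ({s}) -> {dst} ({d}): policy {action}")
```

The `classify_flow` call for 192.168.7.116 towards 192.168.7.10 returns `('net', 'loc', 'DROP')`; the reverse direction returns `('loc', 'net', 'ACCEPT')`.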

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users