I am trying to configure a firewall, but nailing down the configuration is eluding me. The box is running Debian stable. I have tried with iproute2 (I'm including a description below), but have not gotten the intended effect. I have tried the lartc list, to no avail.

A friend of mine suggested setting up a virtual server for one set of interfaces and running the other set on the native machine. Which is the best approach to this? Muddling through the iproute2 configuration, or the virtual server route? If virtual server, which would be the best one? Qemu? Xen? VMware Player or Server (free as in beer, but not as in speech)?
Basically, I have a rackmount server with six network interfaces (2 onboard and a quad card). eth0 is the internal network, eth1 is a kiosk network, eth2 is a DMZ/wireless network. On the outbound side, eth3 is a DSL connection and eth4 is a cablemodem connection.

What I am trying to do is route all internal traffic out the DSL connection (eth0 to eth3), and the two DMZs, kiosk and wireless, out the cable connection (eth1 and eth2 to eth4). Thus far I have been unable to get this to work.

For the sake of the discussion, the internal network is 10.1.1.0/24, the kiosk is 172.16.1.0/24 and the DMZ/wireless is 192.168.1.0/24. The DSL line is 1.2.3.4 and the cable line is 9.8.7.6.

I added the following to rt_tables:

    1 internal
    2 kiosk
    3 dmz

then created a script:

    ip rule add from 10.1.1.0/24 table internal
    ip route add default via 1.2.3.4 dev eth3 table internal
    ip rule add from 172.16.1.0/24 table kiosk
    ip route add default via 9.8.7.6 dev eth4 table kiosk
    ip rule add from 192.168.1.0/24 table dmz
    ip route add default via 9.8.7.6 dev eth4 table dmz

When I run this script, it does not do what I expect, especially after running the firewall rules atop it. I thought I had it nailed, but it wasn't working as expected, and I really couldn't test very well.

I'm hoping some kind soul on this list might have a few minutes for an email exchange to help me get this sorted out. If so, please email me off-list. I'm sure it's probably something that I overlooked, but I'm at a loss as to what.

Regards,
--b
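An offline way to test the rule and table layout described in the post, added here as an example and not part of the original message: a small model of the kernel's policy-routing lookup (first rule whose source selector matches, then longest-prefix match in that table, falling through to the next rule on a miss). Assumptions: the contents of `main` (connected routes for eth0, eth1 and eth2), the test address 203.0.113.10, and the helper names `lookup` and `with_connected` are constructed for illustration.

```python
import ipaddress

# Constructed model of the post's script: (source prefix, table) rules in lookup order.
# The kernel's "local" table (rule priority 0) is left out for brevity.
RULES = [
    ("10.1.1.0/24", "internal"),
    ("172.16.1.0/24", "kiosk"),
    ("192.168.1.0/24", "dmz"),
    ("0.0.0.0/0", "main"),
]
# Routes per table as (destination prefix, device). "main" is assumed to hold
# only the connected routes for the three LAN interfaces named in the post.
TABLES = {
    "internal": [("0.0.0.0/0", "eth3")],
    "kiosk": [("0.0.0.0/0", "eth4")],
    "dmz": [("0.0.0.0/0", "eth4")],
    "main": [("10.1.1.0/24", "eth0"), ("172.16.1.0/24", "eth1"),
             ("192.168.1.0/24", "eth2")],
}

def lookup(src, dst, rules=RULES, tables=TABLES):
    """Return (table, device) chosen for a packet from src to dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prefix, table in rules:
        if src not in ipaddress.ip_network(prefix):
            continue  # rule selector does not match this source
        hits = [(ipaddress.ip_network(d), dev) for d, dev in tables[table]
                if dst in ipaddress.ip_network(d)]
        if hits:  # longest prefix wins inside the selected table
            return table, max(hits, key=lambda h: h[0].prefixlen)[1]
        # no route in this table: the kernel continues with the next rule
    return None, None

def with_connected(tables):
    """Variant where each custom table also carries main's connected routes."""
    return {name: routes + (tables["main"] if name != "main" else [])
            for name, routes in tables.items()}

if __name__ == "__main__":
    for src, dst in [("10.1.1.5", "203.0.113.10"), ("172.16.1.9", "203.0.113.10"),
                     ("10.1.1.5", "192.168.1.20")]:
        print(src, "->", dst, "as posted:", lookup(src, dst),
              "with connected routes:", lookup(src, dst, tables=with_connected(TABLES)))
```

In this model a table that holds only a default route also captures LAN-to-LAN traffic (10.1.1.5 to 192.168.1.20 leaves via eth3), while the variant with connected routes keeps it on eth2.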