Neal Murphy <neal.p.mur...@alum.wpi.edu> writes:

> On Tuesday, September 18, 2012 05:59:47 PM lee wrote:
>> Neal Murphy <neal.p.mur...@alum.wpi.edu> writes:
>> > So yes, if you want 'real' networking, you'll need bridges and taps.
>>
>> Thank you, I'll have to look into taps then.
>>
>> Do you think it's a good idea to just create a bridge device with the
>> unused eth0 for this? I could leave eth1 as is and would basically only
>> have to add a zone and appropriate policy and rules in the shorewall
>> configuration.
>
> If that is the only firewall method you have then yes, enable forwarding, add
> the bridge to a second shorewall zone, and add iptables rules that drop,
> reject, allow and deny traffic as you desire. All of your VMs can easily be
> tapped into the bridge.

The router has a firewall and I'm running shorewall on the host behind
that. It should be safe enough, and it gives me some things like traffic
shaping which the router doesn't do. I'm not doing firewall testing and
like to keep things simple.

So now I know which way to go and what to read about, thanks :)

--
Debian testing amd64