<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1276" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2>Hi,</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>Just downloaded
Firehol for the first time and can't find an example with what I am trying to
do, so I thought I would ask :-).</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>I am running 3
ethernet interfaces, eth0 - ADSL, eth1 - LAN, eth2 - Cable, </FONT></SPAN><SPAN
class=578243123-28112003><FONT face=Arial size=2>and I only want a few of my
internet machines to have internet access; the rest I want to be denied
access. I need to keep them on the same subnet, with a default of
deny.</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>Would it be easier
to do it by MAC address? I have all the MAC addresses of the machines I want to
give access to.</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>The list can grow
up to 20 machines; is there an easier way to list them, so that I can # out the
ones I don't want to have access at certain times?</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2>e.g.</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2>accepted_ips="</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>192.168.2.96
</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>192.168.2.42
</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>#192.168.2.54
</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>192.168.2.66
</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>192.168.2.174"</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial size=2>What I have come up
with is as follows.</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578243123-28112003><FONT face=Arial
size=2>--------------------------------------------------</FONT></SPAN></DIV>
<DIV><SPAN class=578243123-28112003>
<P><FONT face=Arial size=2># Require release 5 of FireHOL configuration
directives</FONT></P>
<P><FONT face=Arial size=2>version 5</FONT></P>
<P><FONT face=Arial size=2># Transparent Proxy</FONT></P>
<P><FONT face=Arial size=2>transparent_squid 8080 "squid root" inface
eth1</FONT></P>
<P><FONT face=Arial size=2># Internal Network IP Address</FONT></P>
<P><FONT face=Arial size=2>lan_ips="192.168.2.0/24"</FONT></P>
<P><FONT face=Arial size=2>accepted_ips="192.168.2.96 192.168.2.42 192.168.2.54
192.168.2.66 192.168.2.174"</FONT></P>
<P><FONT face=Arial size=2># LAN</FONT></P>
<P><FONT face=Arial size=2>interface eth1 lan src "${lan_ips}"</FONT></P>
<P><FONT face=Arial size=2>policy reject</FONT></P>
<P><FONT face=Arial size=2>server dns accept</FONT></P>
<P><FONT face=Arial size=2>server squid accept</FONT></P>
<P><FONT face=Arial size=2>server ssh accept</FONT></P>
<P><FONT face=Arial size=2>server http accept</FONT></P>
<P><FONT face=Arial size=2>server ftp accept</FONT></P>
<P><FONT face=Arial size=2>server smtp accept</FONT></P>
<P><FONT face=Arial size=2></FONT> </P>
<P><FONT face=Arial size=2>interface "eth0 eth2" internet src not "${lan_ips}
${UNROUTABLE_IPS}"</FONT></P>
<P><FONT face=Arial size=2>protection strong 10/sec 10</FONT></P>
<P><FONT face=Arial size=2>server ssh accept</FONT></P>
<P><FONT face=Arial size=2>server http accept</FONT></P>
<P><FONT face=Arial size=2>server ident reject with tcp-reset</FONT></P>
<P><FONT face=Arial size=2>client all accept</FONT></P>
<P><FONT face=Arial size=2></FONT> </P>
<P><FONT face=Arial size=2>router lan2internet inface eth1 outface
eth0</FONT></P>
<P><FONT face=Arial size=2>masquerade</FONT></P>
<P><FONT face=Arial size=2>route ${accepted_ips} accept</FONT></P>
<P><FONT face=Arial size=2></FONT> </P>
<P><FONT face=Arial size=2>router internet2lan inface eth0 outface
eth1</FONT></P>
<P><FONT face=Arial size=2>masquerade reverse</FONT></P>
<P><FONT face=Arial size=2>client all accept</FONT></P>
<P><FONT face=Arial size=2>server ident reject with tcp-reset</FONT></P>
<P><SPAN class=578243123-28112003><FONT face=Arial
size=2>-----------------------------------------------------------------</FONT></SPAN></P>
<P><SPAN class=578243123-28112003><FONT face=Arial size=2>Any help would be very
much appreciated.</FONT></SPAN></P>
<P><SPAN class=578243123-28112003><FONT face=Arial
size=2>James</FONT></SPAN></P></SPAN></DIV></BODY></HTML>
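An added example, not part of the original post or of FireHOL's own code, for the per-host toggle asked about above: keep the allow-list in a separate one-host-per-line file so entries can be commented out (inside the quoted accepted_ips="..." string of a FireHOL config a '#' is not a comment), validate each entry, and hand the result to the router as a source match. The file path and the route line shown in the comments are assumptions.

```shell
#!/bin/sh
# Added example (editor's, not from the original post or from FireHOL).
# Inside accepted_ips="..." a '#' is literal: "#192.168.2.54" would be handed
# to iptables verbatim. Keeping the list in a file gives real comment lines.

# Constructed sample list; the real location (e.g. /etc/firehol/allowed_hosts)
# is an assumption, pick whatever suits the setup.
ALLOWED_HOSTS_FILE="${TMPDIR:-/tmp}/allowed_hosts.$$"
cat > "$ALLOWED_HOSTS_FILE" <<'EOF'
# LAN hosts allowed out to the internet; put '#' in front of a line to disable it
192.168.2.96
192.168.2.42
#192.168.2.54          disabled for now
192.168.2.66  # inline comments work too
192.168.2.174
EOF

# load_accepted_ips FILE: print the enabled hosts as one space-separated list.
# Comment and blank lines are dropped; an entry that is not a dotted-quad IPv4
# address (optionally with /prefix) is skipped with a warning, so a typo never
# silently becomes a broken or over-broad rule.
load_accepted_ips() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" |
    while read -r host; do
        if printf '%s\n' "$host" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            printf '%s ' "$host"
        else
            printf 'load_accepted_ips: skipping invalid entry "%s"\n' "$host" >&2
        fi
    done | sed 's/ $//'
}

accepted_ips="$(load_accepted_ips "$ALLOWED_HOSTS_FILE")"
echo "accepted_ips=\"$accepted_ips\""
# -> accepted_ips="192.168.2.96 192.168.2.42 192.168.2.66 192.168.2.174"
#
# In firehol.conf the list is then used as a source match on the router
# (assumed, following FireHOL's "route <service> <action> [src ...]" syntax;
# the post's "route ${accepted_ips} accept" puts IPs where a service belongs):
#   router lan2internet inface eth1 outface eth0
#       masquerade
#       route all accept src "${accepted_ips}"
```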