[Firehol-support] Firehol on 3 interfaces
Carlos Rodrigues
carlos.efr at mail.telepac.pt
Thu Nov 2 12:58:27 GMT 2006
On 11/2/06, Marcus Williams <marcus at quintic.co.uk> wrote:
> Basically I have a working configuration for eth0 and eth1, but I want
> to add eth2 into the mix and only route certain IP addresses from the
> lan (rerouted_ips) through that interface.
Well, to make the routing decisions you cannot use FireHOL/iptables,
you'll have to tweak the kernel's routing rules using the "ip route"
(or the old "route") command (your distribution may have a way to
easily set up routing rules somewhere).
After those routing rules are in place, then you can write FireHOL
rules to do NAT and secure the thing. At first glance, the following
would suffice:
# eth2: the "slow" internet link; ${home_ips} is assumed to be defined
# earlier in the configuration
interface eth2 internetslow src not "${home_ips} ${UNROUTABLE_IPS}"
    server ident reject with tcp-reset
    client all accept

# LAN (eth0) <-> eth2; "masquerade reverse" NATs on the inface (eth2)
router internetslow2home inface eth2 outface eth0
    masquerade reverse
    client all accept
    server ident reject with tcp-reset
--
Carlos Rodrigues
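The kernel-side part of the reply (sending only the rerouted LAN hosts out through eth2 with "ip rule"/"ip route") as an added example; this is not from the thread or from FireHOL itself, and the addresses, table number and gateway are constructed assumptions.

```shell
#!/bin/sh
# Added example: source-based policy routing so that only selected LAN
# hosts leave through eth2, while everything else keeps using the main
# routing table. FireHOL handles NAT and filtering afterwards.
# All addresses, the table id and device names are constructed assumptions.

REROUTED_IPS="192.0.2.10 192.0.2.11"   # LAN hosts to send via eth2 (constructed)
SLOW_GW="203.0.113.1"                  # next hop on eth2 (constructed)
SLOW_DEV="eth2"
SLOW_TABLE="100"                       # private routing table id (constructed)
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the commands, 0 = run them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Emit (or execute) the commands that make the kernel pick eth2 for
# packets whose source address is one of REROUTED_IPS.
setup_policy_routing() {
    # Idempotent: drop any previous contents of the private table.
    run ip route flush table "$SLOW_TABLE"
    # The private table only needs a default route via the eth2 gateway.
    run ip route add default via "$SLOW_GW" dev "$SLOW_DEV" table "$SLOW_TABLE"
    # One rule per source host: consult the private table before "main".
    for ip in $REROUTED_IPS; do
        run ip rule add from "$ip" lookup "$SLOW_TABLE"
    done
    # Make the new rules effective for already-cached destinations.
    run ip route flush cache
}

# Number of "ip rule" lines the generator produces (one per rerouted host).
count_rules() {
    ( DRY_RUN=1; setup_policy_routing ) | grep -c '^ip rule add from'
}

setup_policy_routing
```

Verify the result with `ip rule show` and `ip route show table 100` before enabling the FireHOL rules.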