[Firehol-support] server per interface troubles

Les Stott les at cyberpro.com.au
Tue Dec 11 21:37:21 GMT 2007


Les Stott wrote:
> Sunny Dubey wrote:
>   
>> hey guys
>>
>> I have a server with eth0 and eth1, both have public IPs that fully work on 
>> the Internet.  I have configured my webserver to listen only on eth1, and 
>> have verified that it fully works.
>>
>> But the moment I attempt to use the following rules ... I can't reach my web 
>> server anymore.  What gives ?
>>
>>
>> interface "eth0 eth1" internet
>>
>>         # We allow some stuff in
>>         server ssh accept
>>         server smtp accept
>>         server http accept inface eth1
>>
>> Any ideas ??
>>
>>   
>>     
> i don't think you can do that with a server statement.
>
> you should just do this......
>
> interface eth0 internet
>      # We allow some stuff in
>     server ssh accept
>     server smtp accept
>
> interface eth1 web-internet
>    server http accept
>
> Its easier to follow that way.
>
>   
but of course you remember something after you hit the send button ;)

you can do it like this.....

interface "eth0 eth1" internet
        # We allow some stuff in
        server ssh accept
        server smtp accept
        group with dst "<IPADDRESSofETH1>"
          server http accept
        group end

Regards,

Les

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20071212/b5ce0a4e/attachment-0003.html>


More information about the Firehol-support mailing list