[Firehol-support] multi nic isolation single server

Costa Tsaousis costa at tsaousis.gr
Mon Nov 5 04:28:33 CET 2007


Ryan McDowell wrote:
> Hello everyone
>
> I have a simple question hopefully... I have a gateway/firewall/server 
> machine that has multiple nic cards. I was able to set up my firewall 
> easily thanks to FireHOL; the only thing I need to add is isolation between 
> nics. Well, at least the internal ones. One nic is internet and the other 
> two are local net. I need to make sure that the two local nets can't 
> interact with each other. At present I can ping and view web pages across 
> these two interfaces. One has an address zone of 192.168.10.0, the other 
> 192.168.11.0. I'm not an expert in networking. I hope this isn't a 
> stupid question. I hope you can help. Thanks, Ryan Mc
>
You need to configure your firehol.conf routers.
Example:

router pcs2servers inface eth0 outface eth1
   policy drop

The above will drop all REQUESTS (and their replies) going from eth0 to
eth1.
(it does not say anything about REQUESTS from eth1 to eth0 - you will
need another router to control that).

This way you can configure any combination of traffic between any number
of interfaces.

Keep in mind that the default policy for routers is RETURN, meaning that
traffic not matched by the server/client/route statements in the router
will continue to be matched against the next routers in the config file.


Costa
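An added example configuration (not from Costa's mail or the FireHOL project) that applies this advice to Ryan's layout, with one drop router per direction between the two LANs. The interface names (eth0 internet, eth1 and eth2 for the two LANs) and the masquerading setup are assumptions:

```conf
# Added example firehol.conf, not from the original mail.
# Assumed layout: eth0 = internet, eth1 = 192.168.10.0/24, eth2 = 192.168.11.0/24
version 5

lan10="192.168.10.0/24"
lan11="192.168.11.0/24"

# Internet-facing interface: nothing is served to the outside,
# the gateway itself may act as a client.
interface eth0 internet
    policy drop
    protection strong
    client all accept

# The gateway talks freely with each LAN on that LAN's own interface.
interface eth1 lan10 src "${lan10}"
    server all accept
    client all accept

interface eth2 lan11 src "${lan11}"
    server all accept
    client all accept

# Isolation between the LANs. A router policy only covers requests that
# enter on inface and leave on outface (plus their replies), so each
# direction needs its own router. Because the default router policy is
# RETURN, these two are placed before any more permissive router that
# could also match eth1 <-> eth2 traffic.
router lan10_to_lan11 inface eth1 outface eth2
    policy drop

router lan11_to_lan10 inface eth2 outface eth1
    policy drop

# Both LANs reach the internet through NAT on eth0 (assumed setup).
masquerade eth0

router lan10_to_internet inface eth1 outface eth0
    route all accept

router lan11_to_internet inface eth2 outface eth0
    route all accept
```

After loading, a ping from 192.168.10.x to 192.168.11.x should time out while both LANs still reach the internet, which confirms the two drop routers are matched before the forwarding ones.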
