| 1 |
Hello list, |
| 2 |
|
| 3 |
I've been using shorewall happily for many years, but now I have a LAN setup |
| 4 |
that the docs seem not to cover. The new web-server box I mentioned recently |
| 5 |
has two Ethernet ports, which I want to connect as follows: |
| 6 |
|
| 7 |
Port 1 (enp1s0) will be connected to a spare port on my vDSL modem/router |
| 8 |
and be accessible from outside. An HTTP hole* will be opened in the router |
| 9 |
for this. |
| 10 |
|
| 11 |
Port 2 (enp2s0) is connected to my LAN switch, which is connected in turn to |
| 12 |
another port on the vDSL modem, which has no holes open to this port. Once |
| 13 |
the server goes into service this interface will be down most of the time. |
| 14 |
|
| 15 |
I want to ensure that no bridging occurs between the two ports in the web |
| 16 |
server. |
| 17 |
|
| 18 |
Shorewall has very good documentation, but I can't see an example similar to |
| 19 |
this; they assume that a two-homed machine is to act as a firewall, which is |
| 20 |
not at all what I want to do. http://shorewall.org/MultiISP.html isn't quite |
| 21 |
it either. |
| 22 |
|
| 23 |
Does anyone have any tips or examples showing how to go about this? I'm |
| 24 |
confronted with that terrifying blank sheet of paper. |
| 25 |
|
| 26 |
* Yes, I know I should go the whole hog and insist on HTTPS only, but that's |
| 27 |
another kettle of fish altogether. I prefer to think about it separately. |
| 28 |
|
| 29 |
-- |
| 30 |
Regards |
| 31 |
Peter |
Archives