1 |
Hello list, |
2 |
|
3 |
I've been using shorewall happily for many years, but now I have a LAN setup |
4 |
that the docs seem not to cover. The new web-server box I mentioned recently |
5 |
has two Ethernet ports, which I want to connect as follows: |
6 |
|
7 |
Port 1 (enp1s0) will be connected to a spare port on my vDSL modem/router |
8 |
and be accessible from outside. An HTTP hole* will be opened in the router |
9 |
for this. |
10 |
|
11 |
Port 2 (enp2s0) is connected to my LAN switch, which is connected in turn to |
12 |
another port on the vDSL modem, which has no holes open to this port. Once |
13 |
the server goes into service this interface will be down most of the time. |
14 |
|
15 |
I want to ensure that no bridging occurs between the two ports in the web |
16 |
server. |
17 |
|
18 |
Shorewall has very good documentation, but I can't see an example similar to |
19 |
this; they assume that a two-homed machine is to act as a firewall, which is |
20 |
not at all what I want to do. http://shorewall.org/MultiISP.html isn't quite |
21 |
it either. |
22 |
|
23 |
Does anyone have any tips or examples showing how to go about this? I'm |
24 |
confronted with that terrifying blank sheet of paper. |
25 |
|
26 |
* Yes, I know I should go the whole hog and insist on HTTPS only, but that's |
27 |
another kettle of fish altogether. I prefer to think about it separately. |
28 |
|
29 |
-- |
30 |
Regards |
31 |
Peter |