vuurmuur: Make portforward rules work.
author root <root@drsnuggles.stderr.nl>
Thu, 16 Apr 2009 14:49:22 +0000 (16:49 +0200)
committer root <root@drsnuggles.stderr.nl>
Thu, 16 Apr 2009 14:49:22 +0000 (16:49 +0200)
commit 929e6bc363c53c2daf683608c663678a9dc4a911
tree 04b6e57a78ecdab9f1d17b6086fe1f2b632c2851
parent 2c279488e0cf61a9ead59deada6180477f479d0f
vuurmuur: Make portforward rules work.

The Portfw rules did not work, since vuurmuur does not know the concept
of local networks and produced FORWARD rules in place of INPUT rules. We
emulate this behaviour by giving the firewall a virtual interface for
each vserver on the world.inet network. This needs splitting the Portfw
rules into a normal Dnat rule and a hacky Accept rule, which gets in_int
set.
etc/vuurmuur/interfaces/vserver-dns-nic.conf [new file with mode: 0644]
etc/vuurmuur/interfaces/vserver-login-nic.conf [new file with mode: 0644]
etc/vuurmuur/interfaces/vserver-mail-nic.conf [new file with mode: 0644]
etc/vuurmuur/interfaces/vserver-www-nic.conf [new file with mode: 0644]
etc/vuurmuur/rules/rules.conf
etc/vuurmuur/zones/inet/networks/world/network.config