Changes between Version 3 and Version 4 of Concepts


Timestamp: 09/13/07 00:38:37 (12 years ago)
Author: Victor Julien
Comment: --

  • Concepts

    v3 v4  
    3434
    3535== Interfaces ==
    36 The same as above applies to interfaces as well: You may give them whatever names you like. You may choose name of the NIC vendor or names like 'int' and 'ext' or whatever you prefer.
    37 Interfaces will be — as zones, networks, hosts and groups — be used for creating rules. When creating networks you need to specify an interface that this network is attached to. Vuurmuur uses this interface for its rules: To avoid accepting packages from this network on a wrong interface! So this is for your own safety, actually! ;-)
    38 An interface in the Vuurmuur sense consists of a name you may freely choose, an IP address and a (real) device name like 'eth0'. You may specify if your interface is dynamic (Vuurmuur will care to monitor changes in the IP address then) and in advanced mode you may specify that your interface is virtual.
    39 The latter is required for multiple IP addresses on one interface like 'eth0:0', 'eth0:1'and so on. This feature is especially useful for configuring Source NAT and Destination NAT. Here you might want to think twice about naming your interfaces: maybe it is a good idea to use your IP address endings in the name like 'ext-1', 'ext-2' or use machine or service names like 'ext-kronos' or 'ext-web'. Of course you may use names like 'eth0-0' as well.
    40 ! Note: It is not possible to use ':' in interface names. They may well be used in device names though!
     36The same as above applies to interfaces as well: You may give them whatever names you like. You may choose name of the NIC vendor or names like 'int' and 'ext' or whatever you prefer.[[BR]]
    4137
    42 So again: choose names wise, be careful not to confuse yourself with strange names. Always keep an eye on having a rather intuitive naming scheme so that it is not so easy to rip security holes in your firewall by accident.
    43 Depending on your setup you may choose a simple naming scheme like 'int' and 'ext' or a more complex one with either virtual interfaces or multiple interfaces. Anyways: You need to keep an overview!
     38Interfaces will be — as zones, networks, hosts and groups — be used for creating rules. When creating networks you need to specify an interface that this network is attached to. Vuurmuur uses this interface for its rules: To avoid accepting packages from this network on a wrong interface. An interface in the Vuurmuur sense consists of a name you may freely choose, an IP address and a (real) device name like 'eth0'. You may specify if your interface is dynamic (Vuurmuur will care to monitor changes in the IP address then) and in advanced mode you may specify that your interface is virtual.[[BR]]
     39
     40So again: choose names wise, be careful not to confuse yourself with strange names. Always keep an eye on having a rather intuitive naming scheme so that it is not so easy to rip security holes in your firewall by accident. Depending on your setup you may choose a simple naming scheme like 'int' and 'ext' or a more complex one with either virtual interfaces or multiple interfaces. Anyways: You need to keep an overview!
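
Review bot: new lines 38 and 40 still say an interface can be marked virtual and refer to "virtual interfaces", but this revision drops old lines 39 and 40, which were the only place the page explained what that means ('eth0:0', 'eth0:1'), why it matters for Source NAT and Destination NAT, and that ':' is not allowed in interface names although it is allowed in device names. Suggest keeping at least the ':' restriction note and a one-sentence definition of a virtual interface, so the remaining mentions are not left unexplained. Separately, the merged line 38 carries over the doubled "be" in "Interfaces will be ... be used" and "packages" where "packets" is meant, and line 40 keeps "choose names wise"; since that sentence is the one explaining why a network is bound to an interface (so traffic from it is not accepted on the wrong interface), it is worth correcting the wording in the same edit.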