Re: [cobalt-users] PMFirewall and IPChains: Virtual Sites Stops Working

[Gerald Waugh <gerald@xxxxxxxxx>]

On Wednesday 16 January 2002 07:46 pm, Troy Arnold wrote:
> I think I found something related. Wanted everyones advice (especially
> Gerald's).
>
> On PMFirewall's mailing list I found the following...
>
> >I have my setup running 7 virtual iP's works fine...
> >first step is to open pmfirewall.conf in an editor....
> >then find this line.
> >OUTERNET=$OUTERIP/$OUTERMASK
> >and add something like this under it...
> >OUTERNET2=204.49.12.55/255.255.255.0
> >OUTERNET3=204.49.12.56/255.255.255.0
> >OUTERNET4=204.49.12.57/255.255.255.0
> >OUTERNET5=204.49.12.58/255.255.255.0
> >Where they are your virtual IP's
> >Then save and close that and open pmfirewall.rules.local
> >then simply replicate the allow rules that you want to work with the other
>
> interface and >replace OUTERNET in that rule with OUTERNET2, or OUTERNET3
> or OUTERNET4  >you get the idea...
>
> >as you have seen deny rules are not required as they are denied by
> > default. Restart pmfirewall with ./pmfirewall restart and you are off and
> > running..
>
> Does this sound right. I swear I tested this method but I am going to give
> it another shot. I have 32 ips I use for my virtual sites (all in a
> block)... any ideas on setting OUTERNET2 to a block of ips? instead of
> manually setting each one up. Wanted your input Gerald. What do you think?
>

Thinking again, I have all my virtual sites on one IP.

If you do the above then for each rule.
you need a rule for each ip address.
You may be talking about 
32 rules to accept smtp
32 rules to accept pop
32 rules to accept dns
32 rules to accept 80
32 rules to accept 81
and so on.

-- 
Gerald Waugh
Registered Linux User 255245
Register at http://counter.li.org