I'd like to set up ADSL modem access on network card for outside world. How to do that? (I'm Debian newbie)
What do you mean by "ADSL modem access on network card for outside world"?
- my two network cards are assigned to ethx in wrong order (I'd like to have gigabit card on inside, 100mbit card on outside network - now is just opposite) - can I somehow determine assignment of cards to eth0 or eth1 - or even better can we have this configuration option in Pluto (so each card can be configured as outside/inside)?
Currently, at install time you can choose which card is the external one (if both get detected). A "swap interfaces" button is being added to the Networking page. There is no plan (yet) on supporting more than two cards. The first two ones found are used automatically.
Of course, you can always change a value in the database by hand.
"Hacking" info:
On the Core, in the pluto_main database, in the Device_DeviceData table there's an entry with FK_DeviceData=32:
Its value can be found with this SQL statement:
SELECT IK_DeviceData FROM Device_DeviceData WHERE FK_DeviceData=32;
Its format is a little less intuitive, but the general idea is that it follows this format:
<external interface>,<data>|<internal interface>,<data>.
If you replace this entry with the interfaces swapped and reboot, you get the interfaces reversed.
You can be more hackerish by editing /usr/pluto/bin/Network_Parameters.sh and switching the ExtIf and IntIf variables in the ExtractData function, this way being easier, but it won't show up in the pluto-admin website.
I know this doesn't sound like "tech support", but until the "swap interfaces" feature is implemented, there is no other way but to either hack or reinstall and choose the other interface when asked. Sorry.
- what are options when setting single Firewalls rule? There are several empty boxes with no name or explanation ...
The firewall allows two things to be done with it:
- outside access to the Core
- port forwarding to LAN machines
The boxes correspond to the table above, but I agree that some headers in there should be placed.
You can specify the protocol, a port or range of ports to allow access to, a destination IP and port to forward that range of ports to (if you choose port_forward) and a rule type (core_input for outside access to the Core, port_forward for outside access to a port located on a computer inside the Network).
If you forward a port and specify a range for source, the destination port is taken as a starting point. For example, if you specify ports 1024-1028 and destination port 5000 on IP 1.2.3.4, you get ports 1024-1028 of the Core forwarded to ports 5000-5004 of 1.2.3.4.
Hope this helps.