[expert] Shorewall follies revisited

Mon, 30 Dec 2002 16:18:37 -0800

I got Samba working through the firewall but now for some reason I cannot ssh in from outside of my local network. Perhaps my test procedure is in error. I've been ssh'ing out to another server and then attempting to ssh back. Shouldn't this work?

Here is my config:

Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Restarting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
Zones: net masq loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Masquerade Zone: eth1:0.0.0.0/0
Warning: Zone loc is empty
Deleting user chains...
Creating input Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Adding rules for DHCP
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
Rule "ACCEPT net fw udp 53 -" added.
Rule "ACCEPT net fw tcp 53,22,20,21 -" added.
Rule "ACCEPT masq fw udp 53 -" added.
Rule "ACCEPT masq fw tcp 53,22,20,21 -" added.
Rule "ACCEPT loc fw udp 53 -" added.
Rule "ACCEPT loc fw tcp 53,22,20,21 -" added.
Rule "ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
Rule "ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
Rule "ACCEPT fw masq tcp 631,137,138,139,445 -" added.
Rule "ACCEPT fw masq udp 631,137,138,139 -" added.
Rule "ACCEPT masq fw tcp 631,137,139,445 -" added.
Rule "ACCEPT masq fw udp 631,137,138,139 -" added.
Rule "ACCEPT loc masq tcp 631,137,139,445 -" added.
Rule "ACCEPT loc masq udp 631,137,138,139 -" added.
Rule "ACCEPT masq loc tcp 631,137,139,445 -" added.
Rule "ACCEPT masq loc udp 631,137,138,139 -" added.
Rule "REJECT net masq tcp 631,137,139,445 -" added.
Rule "REJECT net masq udp 631,137,138,139 -" added.
Rule "REJECT net fw tcp 137,139,445 -" added.
Rule "REJECT net fw udp 137,138,139 -" added.
Rule "REJECT net loc tcp 631,137,139,445 -" added.
Rule "REJECT net loc udp 631,137,138,139 -" added.
Setting up ICMP Echo handling...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy REJECT for fw to masq using chain all2all
Policy DROP for net to fw using chain net2all
Policy DROP for net to masq using chain net2all
Policy DROP for net to loc using chain net2all
Policy REJECT for masq to fw using chain all2all
Policy ACCEPT for masq to net using chain masq2net
Policy REJECT for masq to loc using chain all2all
Policy REJECT for loc to fw using chain all2all
Policy ACCEPT for loc to net using chain loc2net
Policy REJECT for loc to masq using chain all2all
Masqueraded Subnets and Hosts:
To 0.0.0.0/0 from 192.168.1.0/255.255.255.0 through eth0
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Activating Rules...
Shorewall Restarted



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to