I'm trying to set up shorewall on my server in my LAN but I'm having some
problems.
My network looks like this:

server:  eth0:   192.168.1.2 (sshd, tinydns)
         eth0:0: 192.168.1.3 (dnscache)
desktop: 192.168.1.4 -> router (192.168.1.1) -> broadband (dhcp)
                                                internet
laptop:  192.168.1.5 ->

I've read all the documentation on shorewall.net and have ping and dns
working from everywhere (loc and net) but I'm still having problems
enabling ssh from the internet to my server and not being able to access
the internet from my server (although I was able to before making some
shorewall config change).
My configuration looks like this:
I kept policy pretty much the same, except I have no dmz zone and
changed the first rule to have source fw since the other computers on
the lan just use the server for dns.

###############################################################################
#SOURCE    DEST    POLICY    LOG
#                            LEVEL
fw         net     ACCEPT
net        all     DROP      info
all        all     REJECT    info

since I have eth0 serving both loc and net zones, my interfaces is:

#ZONE    INTERFACE    BROADCAST
-        eth0         192.168.1.255

then my hosts is:

#ZONE    HOST(S)
net      eth0:192.168.1.2,192.168.1.3
loc      eth0:192.168.1.0/24

my rules are this:

#ACTION  SOURCE           DEST             PROTO  DEST
#                                                 PORT
# allow ssh from local network and net to firewall
ACCEPT   loc              fw               tcp    22
ACCEPT   net:192.168.1.2  fw               tcp    22
#
# allow dns from local network and net to firewall
ACCEPT   loc              fw               udp    53
ACCEPT   net:192.168.1.2  fw               udp    53
ACCEPT   net:192.168.1.3  fw               udp    53
#
# allow ping to and from firewall
ACCEPT   loc              fw               icmp   8
ACCEPT   net:192.168.1.2  fw               icmp   8
ACCEPT   fw               loc              icmp   8
ACCEPT   fw               net:192.168.1.2  icmp   8

Does anybody see what is preventing ssh access from the net zone and
internet access on the server? "lynx www.slashdot.org" says "Unable to
connect to remote host".

Tom
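
Added example, not part of the original post and not Shorewall code: a small check that reads the hosts entries quoted above and reports which zones a given source address falls into, plus any entries that overlap between zones. It is a simplified membership test and does not reproduce Shorewall's own rule generation or zone ordering; the address 203.0.113.7 is a constructed stand-in for an Internet client.

```python
import ipaddress

# Host entries copied from the hosts file in the post (ZONE, HOST(S)).
HOSTS_FILE = """\
net eth0:192.168.1.2,192.168.1.3
loc eth0:192.168.1.0/24
"""

def parse_hosts(text):
    """Return {zone: [ip_network, ...]} from 'ZONE IFACE:addr[,addr...]' lines."""
    zones = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        zone, spec = line.split()[:2]
        _iface, addrs = spec.split(":", 1)      # IPv4 entries only
        for addr in addrs.split(","):
            net = ipaddress.ip_network(addr, strict=False)
            zones.setdefault(zone, []).append(net)
    return zones

def zones_for(source, zones):
    """List every zone whose host entries contain the source address."""
    ip = ipaddress.ip_address(source)
    return [z for z, nets in zones.items() if any(ip in n for n in nets)]

def overlaps(zones):
    """Return (zone_a, zone_b, entry_of_a) for entries shared by two zones."""
    found = []
    names = list(zones)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for na in zones[a]:
                if any(na.overlaps(nb) for nb in zones[b]):
                    found.append((a, b, str(na)))
    return found

if __name__ == "__main__":
    zones = parse_hosts(HOSTS_FILE)
    # Constructed sample sources: an Internet client (documentation range),
    # the desktop from the post, and the server's own address.
    for src in ("203.0.113.7", "192.168.1.4", "192.168.1.2"):
        print(f"{src:15} -> zones {zones_for(src, zones)}")
    for a, b, entry in overlaps(zones):
        print(f"overlap: {entry} is in both '{a}' and '{b}'")
```
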