On Monday 30 Dec 2002 9:04 pm, Mark Weaver wrote:
> Derek Jennings wrote:
> > On Saturday 28 Dec 2002 4:10 pm, Kristjan wrote:
> >>Hi
> >>
> >>One short question
> >>I want to have httpd enabled over lan but disabled to internet, so that I
> >>can serve webpages to my LAN only.
> >>
> >>Also I want to have remote access to my mandrake box over ssh, from LAN,
> >>but nowhere else.
> >>
> >>Probably I need to make some rules to shorewall, but need advice here. Or
> >>are there any other places I need to look over?
> >>
> >>thanks
> >>Kristjan
> >
> > Easy enough, just edit /etc/shorewall/rules. It is full of examples. Right
> > at the bottom are the actual rules. You will notice there is a line for
> > each combination of traffic; Network to firewall, lan (or masq) to
> > firewall, lan to net and so on. Just put the protocol names or port
> > numbers in the appropriate line (http is port 80, ssh is port 22).
> > Then restart shorewall with 'service shorewall restart'
> >
> >
> > derek
>
> but...what if your machine only has one network card in it? I've set up a
> machine with 9.0 and two nics with shorewall and it worked ok, but to
> get shorewall to work with one nic didn't seem doable.

If you only have one NIC and want to allow access to ssh from the internet,
then the file /etc/shorewall/zones will only have entries for 'net' and 'fw'
(network and firewall),
/etc/shorewall/interfaces will have an entry associating zone net with eth0
(or ppp0), and
/etc/shorewall/rules will have an entry allowing ssh traffic from 'net to fw'.

I have not tried it, but I think the Firewall GUI in Mandrake Control Centre
would set it up OK.

derek

-- 
----------------------------------
www.jennings.homelinux.net
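
With the one-NIC layout described above, LAN and Internet hosts both reach the box through zone 'net', so a plain 'net to fw' rule admits both. An added example (not part of the original messages): a shell check that lists the services a rules file accepts from the whole net zone rather than from a zone:subnet source. The rules shown are a constructed sample, 192.168.1.0/24 is an assumed LAN range, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not from the original thread.

# Constructed sample of /etc/shorewall/rules on a one-NIC host
# (zones: net and fw only, eth0 bound to zone net).
# 192.168.1.0/24 is an assumed LAN range.
sample_rules() {
cat <<'EOF'
#ACTION  SOURCE              DEST  PROTO  DEST PORT(S)
# ssh limited to the LAN subnet inside zone net
ACCEPT   net:192.168.1.0/24  fw    tcp    22
# http accepted from every host in zone net, Internet included
ACCEPT   net                 fw    tcp    80
EOF
}

# Read a rules file on stdin and print "proto/port" for every ACCEPT rule
# into fw whose source is the bare net zone (no :subnet qualifier).
open_to_net() {
    awk '
        $1 ~ /^#/ || NF < 5 { next }          # skip comments and short lines
        $1 == "ACCEPT" && $2 == "net" && $3 == "fw" {
            n = split($5, ports, ",")          # DEST PORT(S) may be a list
            for (i = 1; i <= n; i++) print $4 "/" ports[i]
        }
    '
}

# Stand-alone run on the sample: reports tcp/80 only.
sample_rules | open_to_net
```

To audit a live host, run `open_to_net < /etc/shorewall/rules`; anything it prints that should be LAN-only needs a subnet-qualified source.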
