Cameron MacDonald wrote:
Thomas Backlund wrote:

Cameron MacDonald wrote:

Marek Pawinski wrote:

Cameron MacDonald wrote:

I'm having trouble setting rules for Shorewall (version 2.0.17) on my 2005LE box. I'm trying to ssh into it from a laptop on my local network. LE box is 192.168.1.100, laptop is 192.168.1.102. Default gateway is set correctly in both machines (192.168.1.1). Zones defined in /etc/shorewall/zones are: net and loc. I've tried quite a few rules using ACCEPT and DNAT as actions, but nothing seems to work. The only way to ssh into it is to stop Shorewall. Can anyone shed a ray of light on this? I've gone through the Shorewall.sourceforge site, but can't seem to find anything that works.
I appreciate any thoughts.
Cameron
Any other info that would help, just ask.



Try add this to your shorewall rules:

ACCEPT  net:192.168.1.102 net:192.168.1.100       all
ACCEPT  net:192.168.1.102 $FW:192.168.1.100       all



Ugh...
That's disabling any firewalling between .102 and .100 on all NICs...


Thanks, Marek.
That works great. Now that I look at those rules, they make sense.
Cameron


The only thing you should need is:
ACCEPT    loc:192.168.1.102    fw    tcp    22

which only opens up port 22 (ssh) from your laptop when connected to your LAN (Shorewall always considers the host it's installed on to be "fw")

--
Regards

Thomas


Thanks for your input, Thomas.
Both the PC and the laptop are mine, only used by me, and I'm the only one here, so maybe it doesn't matter if the firewall is open between .100 and .102??

That's a choice for you to make, as it's based on how secure you want your system...
Is your Router also a firewall?
If so... Do you really need a firewall on an internal host...

Anyway, today when I tried it, I couldn't ssh into .100 again. Tried with wireless (wlan0) and wired (eth0)--no joy. Stopped shorewall on CLI, still no joy. Stopped shorewall with MCC, now I can get through.

Doing a 'shorewall stop' in the CLI won't clear the rules...
You also need to do a 'shorewall clear'.

So I changed the rules to what you suggested:
ACCEPT loc:192.168.1.102  fw tcp 22
Still no joy with shorewall running.
I've got to be overlooking something, but.....
Scratching my addled pate!!


What are 'loc' and 'net' defined as?
If they point at the same net addresses it will surely screw with Shorewall trying to set up its filtering.

--
Regards

Thomas
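The difference between the two rule sets discussed above, and the reason a `loc` rule can silently fail when the laptop's packets arrive on an interface bound to `net`, is easiest to see by evaluating a few packets against them. The following is an added toy model written for this page, not Shorewall's own code: it assumes an interface-to-zone mapping (eth0 in `net`, wlan0 in `loc`) and a default policy table that the thread does not state, treats traffic to the box's own address as destined for zone `fw`, and applies rules first-match before falling back to the policy. The packets are constructed sample input.

```python
"""Toy model of Shorewall-style zone, rule and policy evaluation (illustrative only)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

BOX, LAPTOP = "192.168.1.100", "192.168.1.102"   # addresses from the thread
FW_ADDRS = {BOX}

# Assumed /etc/shorewall/interfaces: each interface belongs to exactly one zone.
INTERFACES = {"eth0": "net", "wlan0": "loc"}

# Assumed /etc/shorewall/policy: consulted only when no rule matches.
POLICY = {("fw", "all"): "ACCEPT", ("loc", "fw"): "DROP",
          ("net", "fw"): "DROP", ("all", "all"): "REJECT"}


@dataclass(frozen=True)
class Rule:
    action: str
    src_zone: str
    src_host: Optional[str]     # host or net/prefix after the colon, None = whole zone
    dst_zone: str
    dst_host: Optional[str]
    proto: str                  # "all" or a protocol name
    dport: Optional[int]        # destination port, None = any


@dataclass(frozen=True)
class Packet:
    iface: str                  # interface the packet arrives on
    src: str
    dst: str
    proto: str
    dport: Optional[int]


def parse_rule(line: str) -> Rule:
    """Parse 'ACTION SOURCE DEST PROTO [DPORT]' as written in the thread."""
    parts = line.split()
    action, src, dst, proto = parts[:4]
    dport = int(parts[4]) if len(parts) > 4 and parts[4] != "-" else None

    def endpoint(ep: str):
        zone, _, host = ep.partition(":")
        return ("fw" if zone in ("fw", "$FW") else zone), (host or None)

    sz, sh = endpoint(src)
    dz, dh = endpoint(dst)
    return Rule(action.upper(), sz, sh, dz, dh, proto.lower(), dport)


def host_matches(qualifier: Optional[str], addr: str) -> bool:
    if qualifier is None:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(qualifier, strict=False)


def zones_for(pkt: Packet):
    """Source zone comes from the ingress interface; the box's own addresses are zone fw."""
    if pkt.dst not in FW_ADDRS:
        raise ValueError("this model only covers traffic addressed to the firewall host")
    return INTERFACES[pkt.iface], "fw"


def rule_matches(rule: Rule, pkt: Packet, src_zone: str, dst_zone: str) -> bool:
    return (rule.src_zone in ("all", src_zone) and rule.dst_zone in ("all", dst_zone)
            and host_matches(rule.src_host, pkt.src) and host_matches(rule.dst_host, pkt.dst)
            and rule.proto in ("all", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins; otherwise the most specific zone-pair policy decides."""
    src_zone, dst_zone = zones_for(pkt)
    for rule in rules:
        if rule_matches(rule, pkt, src_zone, dst_zone):
            return rule.action
    for key in ((src_zone, dst_zone), (src_zone, "all"), ("all", dst_zone), ("all", "all")):
        if key in POLICY:
            return POLICY[key]
    raise KeyError("no applicable policy")


MAREK_RULES = [parse_rule(l) for l in (
    "ACCEPT net:192.168.1.102 net:192.168.1.100 all",
    "ACCEPT net:192.168.1.102 $FW:192.168.1.100 all")]
THOMAS_RULES = [parse_rule("ACCEPT loc:192.168.1.102 fw tcp 22")]


def compare():
    """Verdicts for constructed packets from the laptop under both rule sets."""
    packets = {"ssh via wlan0": Packet("wlan0", LAPTOP, BOX, "tcp", 22),
               "ssh via eth0": Packet("eth0", LAPTOP, BOX, "tcp", 22),
               "http via wlan0": Packet("wlan0", LAPTOP, BOX, "tcp", 80),
               "http via eth0": Packet("eth0", LAPTOP, BOX, "tcp", 80)}
    return {name: {"marek": evaluate(MAREK_RULES, p), "thomas": evaluate(THOMAS_RULES, p)}
            for name, p in packets.items()}


if __name__ == "__main__":
    for name, v in compare().items():
        print(f"{name:15s} Marek: {v['marek']:6s} Thomas: {v['thomas']}")
```

Under this mapping the two-line `net` rule set accepts every protocol from the laptop on eth0 (only the `$FW` line matches, since traffic to the box's own address is zone `fw`) yet blocks ssh on wlan0, while the single `loc ... tcp 22` rule accepts only ssh, and only on wlan0. Swapping which interface is in `loc` flips those results, which is exactly what the question about how `loc` and `net` are defined is probing: compare the interface the laptop actually uses against /etc/shorewall/interfaces before touching the rules again.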

