Hi All,

Out of 20 sites, I have a single site that isn't respecting admin zone rules.

I have a set of IPs assigned to the admin zone which are IPs that we want to be able to ssh or http into the box from. I have no admin rules, simply one admin policy which ACCEPTs all to the fw zone. However, whenever we try to connect to the box from one of the IPs in the admin zone, the packet is dropped by the net2all policy. The admin<->fw policies are above the net<->any policy in the policies file. I have no rules that involve the admin zone, just the single policy.

When I start Shorewall I can see that it 'loads' the admin zone IPs, so that seems to be OK. The trouble seems to be that the packets aren't triggering the 'from admin zone' policy and are therefore falling through to the net to any DROP policy. If I just create a plain old net -> fw policy, then we can connect without issue, so the services themselves are set up OK.

This is especially perplexing as the same configuration works in 19/20 sites. Anyone have any ideas how to troubleshoot this thing?

Thanks
Jon

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
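One way to narrow down the symptom described in the post, as an added example that is not part of the original message or of Shorewall itself: it compares the source address and inbound interface of each net2all DROP log entry against the admin zone's entries in the hosts file. The interface names, addresses, hosts entries and log lines are constructed samples, and the helper names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the /etc/shorewall/hosts layout (documentation addresses).
HOSTS = """\
#ZONE   HOST(S)
admin   eth0:192.0.2.10,198.51.100.0/28
"""

# Constructed log lines in the shape of Shorewall's default log prefix.
LOG = """\
kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP DPT=22
kernel: Shorewall:net2all:DROP:IN=eth1 OUT= SRC=198.51.100.3 DST=203.0.113.5 PROTO=TCP DPT=80
kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.77 DST=203.0.113.5 PROTO=TCP DPT=22
"""

LOG_RE = re.compile(r"Shorewall:(\S+?):DROP:IN=(\S*) .*?SRC=(\S+)")


def parse_hosts(text, zone):
    """Return [(interface, network)] for one zone; plain addresses/CIDRs only."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2 or fields[0] != zone:
            continue
        iface, _, addrs = fields[1].partition(":")
        for addr in addrs.split(","):
            entries.append((iface, ipaddress.ip_network(addr, strict=False)))
    return entries


def classify(log_text, entries, chain="net2all"):
    """Relate each DROP logged by `chain` to the zone's host entries."""
    results = []
    for logged_chain, iface, src in LOG_RE.findall(log_text):
        if logged_chain != chain:
            continue
        ip = ipaddress.ip_address(src)
        ifaces = [i for i, net in entries if ip in net]
        if not ifaces:
            verdict = "not-admin"  # source is not listed in the zone at all
        elif iface in ifaces:
            verdict = "admin-address-and-interface"  # listed, yet still dropped
        else:
            verdict = "admin-address-wrong-interface"  # arrived on another interface
        results.append((src, iface, verdict))
    return results


if __name__ == "__main__":
    for row in classify(LOG, parse_hosts(HOSTS, "admin")):
        print(*row)
```

A "not-admin" or "wrong-interface" result means the packet does not look the way the hosts entry expects when it reaches the firewall; an "admin-address-and-interface" result rules both of those out and leaves the generated ruleset as the place to look.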
