--- Simon Hobson <[EMAIL PROTECTED]> wrote:

> java guru wrote:
> >Thanks. Yes, I will be running squid on the same
> >machine as shorewall.
> >
> >Are you saying that if I install squid, I wouldn't need
> >shorewall anymore ?
>
> No I didn't say that. What I said is that you do not need to route
> packets from cablemodem to dial-up modems - because you will simply
> never have them delivered to you anyway.
>
> You WILL probably still want to use Shorewall (or any other firewall
> setup that you wish) in order to secure your setup.
>
> >a) I want to block all incoming ports from
> >ppp(0,1,2..) to secure it
>
> Set the policy from the zone containing the dialups to internal zones
> (and firewall) to drop.

This is done and working fine.

> >b) I am trying to achieve a way to distribute the outgoing
> >http, https traffic onto ppp interfaces. And
> >from what I read, squid isn't very good at that type of
> >routing. So I thought I would use shorewall + squid.
>
> Read the bit in the docs about multi ISP setup ?

Yes, I did read the tech docs and am not trying to waste folks' time. I read the two-interface setup. I didn't even reach the point of bringing the multi-ISP thing into the picture.

My original question has to do with the fw box having two interfaces, eth0 and ppp0. eth0 is connected to the internal LAN that's connected on the other end to a hardware modem that's connected to the cable modem (another ISP).

I read the two-interface docs and set it up with three zones:

loc - eth0
fw  -
net - ppp0

I changed the policy to allow traffic between the various zones accordingly. The rules have ssh accept from loc to fw - I thought this should take care of ssh from the outside world to fw via the cable modem. But it didn't work. In the logs, I see something to the effect of

SRC:1.2.3.4 DST:192.168.1.104 REJECT

1.2.3.4 being the outside IP trying to reach 192.168.1.104 (fw) for ssh and being rejected. The connection from 1.2.3.4 is coming to fw via the cable modem and NOT ppp0.

> >Any thoughts ?
>
> Yes, apart from the above, please learn to properly quote & trim
> messages, and post your new material below that to which it refers.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
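
An added example, not part of the original thread: when a packet is rejected as described above, the prefix of the Shorewall log line names the chain that made the decision and the `IN=` field names the interface it arrived on, which shows whether a rule such as loc to fw was ever consulted. The sketch below assumes Shorewall's default `LOGFORMAT` of `Shorewall:%s:%s:`; the log lines and the chain names in them are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: Shorewall's default LOGFORMAT "Shorewall:%s:%s:" (chain, disposition).
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<rest>.*)")

# Constructed sample lines (not the poster's logs); chain names are illustrative.
SAMPLE_LOG = """\
Dec  5 10:12:01 fw kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= SRC=1.2.3.4 DST=192.168.1.104 PROTO=TCP SPT=40000 DPT=22
Dec  5 10:12:04 fw kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= SRC=1.2.3.4 DST=192.168.1.104 PROTO=TCP SPT=40000 DPT=22
Dec  5 10:13:10 fw kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP SPT=51515 DPT=23
Dec  5 10:14:00 fw kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.104 PROTO=TCP SPT=40222 DPT=22
Dec  5 10:14:30 fw sshd[811]: Accepted publickey for admin from 192.168.1.50
"""


def parse_line(line):
    """Return the fields of one Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if m is None:
        return None
    # The netfilter LOG target writes KEY=VALUE tokens separated by spaces.
    kv = dict(tok.split("=", 1) for tok in m.group("rest").split() if "=" in tok)
    return {
        "chain": m.group("chain"),
        "disposition": m.group("disp"),
        "in": kv.get("IN", ""),
        "src": kv.get("SRC"),
        "dst": kv.get("DST"),
        "dport": kv.get("DPT"),
    }


def blocked_by_chain(log_text, dispositions=("REJECT", "DROP")):
    """Count blocked packets per (chain, inbound interface, source, dest port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["disposition"] in dispositions:
            counts[(rec["chain"], rec["in"], rec["src"], rec["dport"])] += 1
    return counts


if __name__ == "__main__":
    for (chain, iface, src, dport), n in blocked_by_chain(SAMPLE_LOG).most_common():
        print(f"{n:3d}  chain={chain:<8} in={iface:<5} src={src or '-':<15} dport={dport or '-'}")
```
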
