On Mon, Dec 10, 2007 at 01:40:50AM +0100, Pedro Bezunartea López wrote:
> I have several computers connected to the internet through a DSL router that
> assigns rfc1918 (192.168.1.x) addresses to the systems connected. I have a
> server where shorewall is installed with one interface eth0, with a static
> ip (192.168.1.3). The router is configured to forward all connections from
> the internet to the linux server.
>
I am assuming, based on your description, that your server has only a
single Ethernet interface.

> I'd like to know how I can configure shorewall to allow connections from the
> local network (192.168.1.x) to several services (smb mainly) but not from
> the internet.
>
If it is a single interface firewall and your DSL router is forwarding
all traffic in, then that might be difficult.

> I thought I needed to create the 'loc' zone with ip addresses in the net
> 192.168.1.0, and assume any other address to come from the 'net' zone.
>
Zones are (usually) associated with physical interfaces, not with
particular addresses.

> I've read I need to use the hosts file, but I haven't been able to find
> out how.
>
Did you read 'man 5 shorewall-hosts'?

> I'm quite sure this question has come up before, unfortunately I couldn't
> find the answer. :(
>
I would recommend one of the following two solutions:

1. Have your DSL router only forward ports that you really want to be
   open on your Linux server (e.g., web server for port 80).
2. Write accept statements in your rules files that specify to only
   accept traffic from particular IP addresses in your local zone.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
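Roberto's second suggestion (accept rules restricted by source address) could look like the following on the single-interface server from the question. This is an added example, not part of the original message or of the Shorewall project's documentation. It assumes a one-zone layout in which eth0 belongs to a zone named `net`, that the firewall zone is referenced as `$FW`, and that "smb" means the usual NetBIOS/SMB ports.

```conf
# /etc/shorewall/policy  (assumed layout: the only network zone is "net")
# Everything arriving on eth0 is dropped unless a rule below accepts it.
#SOURCE   DEST   POLICY   LOG LEVEL
$FW       net    ACCEPT
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules
# Accept SMB only when the source address is inside the LAN subnet
# (192.168.1.0/24, from the question). Connections the router forwards
# from the Internet arrive on the same interface but with a public
# source address, so they fall through to the DROP policy.
#
# Assumption: the DSL router forwards Internet connections with their
# original source address. If it rewrote them to its own 192.168.1.x
# address, these rules would match forwarded traffic as well, and the
# router's address would have to be excluded from the source.
#ACTION   SOURCE               DEST   PROTO   DEST PORT(S)
ACCEPT    net:192.168.1.0/24   $FW    tcp     139,445
ACCEPT    net:192.168.1.0/24   $FW    udp     137,138
```

Run `shorewall check` to validate the files before applying them with `shorewall restart`.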