On Mon, Dec 10, 2007 at 09:28:15AM +0000, Simon Hobson wrote:
> Pedro Bezunartea López wrote:
> >I have several computers connected to the
> >internet through a DSL router that assigns
> >rfc1918 (192.168.1.x) addresses to the systems
> >connected. I have a server where shorewall is
> >installed with one interface eth0, with a static
> >ip (192.168.1.3). The
> >router is configured to forward all connections
> >from the internet to the linux server.
> >
> >I'd like to know how I can configure shorewall
> >to allow connections from the local network
> >(192.168.1.x) to several services (smb mainly)
> >but not from the internet.
> >
> >I thought I needed to create the 'loc' zone with
> >ip addresses in the net
> >192.168.1.0, and assume any
> >other address to come from the 'net' zone.
> >
> >I've read I need to use the hosts file, but I
> >haven't been able to find out how.
>
> How about a rule saying :
>
> SMB/ACCEPT net:192.168.1.0/24 $FW
>
> Repeat for all services you want to make available.
>

Because if his DSL router is handing out the address 192.168.1.3 to his
Linux server, the router itself likely has the address 192.168.1.1 or
192.168.1.2. Thus, your rule would open up his Samba share to the whole world.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
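
The concern raised in the reply, as an added example that is not part of the original thread: a simplified model (not Shorewall's own code) of a rule that accepts SMB by source network, showing which clients it admits. It assumes the router's LAN address is 192.168.1.1 and compares a router that preserves the source of forwarded connections with one that rewrites it to its own address; the client addresses are constructed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")    # subnet from the question
ROUTER = ipaddress.ip_address("192.168.1.1")    # assumed router LAN address

# Constructed clients: two LAN hosts and two Internet hosts (documentation ranges).
CLIENTS = ["192.168.1.20", "192.168.1.57", "203.0.113.7", "198.51.100.44"]


def seen_source(origin, router_snat):
    """Source address the server sees on eth0 for a connection from origin."""
    addr = ipaddress.ip_address(origin)
    if addr in LAN:
        return addr                     # LAN hosts reach the server directly
    # Forwarded from the Internet: the source is preserved, or, if the
    # router also source-NATs, replaced by the router's LAN address.
    return ROUTER if router_snat else addr


def accepted(src, allow_net, exclude=()):
    """Model of an ACCEPT rule: source in allow_net and not in exclude."""
    return src in allow_net and src not in exclude


def admitted(router_snat, exclude=(), from_lan=False):
    """Clients (LAN or Internet origins) whose SMB connections are accepted."""
    return [c for c in CLIENTS
            if (ipaddress.ip_address(c) in LAN) == from_lan
            and accepted(seen_source(c, router_snat), LAN, exclude)]


if __name__ == "__main__":
    for snat in (False, True):
        for excl in ((), (ROUTER,)):
            print(f"router rewrites source={snat!s:5} "
                  f"router excluded={bool(excl)!s:5} "
                  f"internet admitted={admitted(snat, excl)} "
                  f"lan admitted={admitted(snat, excl, from_lan=True)}")
```

When the router rewrites the source, every forwarded connection matches 192.168.1.0/24 unless the router's own address is carved out of the allowed range; LAN clients keep access either way.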