Hi, Using Shorewall 4.0.7.3 Interfaces. I have set up a DMZ, but can't get any
access in or out.
The loc is working fine for connection to $FW and net.
eth0: for connection to Net using adsl ppp0
eth1: loc IP 10.10.1.3 netmask 255.0.0.0
eth2: dmz IP 10.10.2.3 netmask 255.0.0.0
INTERFACES:
net    ppp0  detect       routefilter,norfc1918,tcpflags,blacklist
modem  eth0  detect
loc    eth1  10.10.1.255  tcpflags,dhcp
dmz    eth2  10.10.2.255  tcpflags,dhcp
MASQ:
ppp0  eth1
eth0  eth1
eth0  eth2
POLICY:
loc  net  REJECT  info
loc  $FW  REJECT  info
loc  dmz  REJECT  info
loc  all  REJECT  info
$FW  net  REJECT  info
$FW  loc  REJECT  info
$FW  dmz  REJECT  info
$FW  all  REJECT  info
dmz  net  REJECT  info
dmz  $FW  REJECT  info
dmz  loc  REJECT  info
dmz  all  REJECT  info
net  $FW  DROP    info
net  loc  DROP    info
net  dmz  DROP    info
net  all  DROP    info
all  all  REJECT  info
ROUTESTOPPED:
eth1  -
eth2  -
ZONES:
fw     firewall
net    ipv4
loc    ipv4
dmz    ipv4
modem  ipv4
RULES for DMZ:
DNS/ACCEPT   $FW  dmz
DNS/ACCEPT   dmz  $FW
ACCEPT       dmz  net  tcp  443
Ping/ACCEPT  dmz  loc
Ping/ACCEPT  loc  dmz
Ping/ACCEPT  $FW  dmz
Ping/ACCEPT  dmz  $FW
REDIRECT     dmz  3128  tcp  !443  #SQUID
ACCEPT       $FW  net  tcp  80
Is there something else that needs adding? Thanks
Patrick.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users