more info
Tom: again, I went through that part of the FAQ. I noticed that my OUT= in
the logs is blank. Shouldn't that be my interface for 'loc', since the route
is set for a destination of loc:10.223.8.10?
here:
Shorewall:net2fw:DROP:IN=eth1 *OUT=* MAC=00:e0:81:75:54:8f:00

here are my interfaces:
#ZONE   INTERFACE   BROADCAST   OPTIONS
loc     eth0        auto        routeback
net     eth1        auto
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

and my rules:
SECTION NEW
Telnet/DNAT:info    net     loc:10.223.8.10
FTP/DNAT:info       net     loc:10.223.8.10
DROP:info           net     all     tcp     3128
DROP:info           net     all     udp     3128
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

and my policy:
fw      loc     ACCEPT
fw      net     ACCEPT
loc     fw      ACCEPT
loc     net     ACCEPT
net     loc     ACCEPT
net     fw      ACCEPT
#LAST LINE -- DO NOT REMOVE

I know the policy is not an acceptable default, but I didn't want the REJECT on
net -> fw and net -> loc to get in the way during my troubleshooting.
On Wed, Mar 12, 2008 at 7:57 AM, dan <[EMAIL PROTECTED]> wrote:
> Tom, I did go through FAQs 1a and 1b but will try again; maybe a
> night's sleep will improve my view.
>
> Unfortunately my software vendor for some old software on an alpha server
> can only use telnet and ftp to do updates and maintenance on my ancient
> software system. I protested a great deal about having open telnet access
> but they gave me an ultimatum of "give us access the way we want" or "we
> won't support your old software and you're on your own with our proprietary
> poorly designed junk". I may have taken some liberties on quoting their
> response :)
>
> I will at least limit the DNAT to their IP address as the source. I was
> thinking of putting some kind of ssh/terminal emulator in a browser, but I
> need VT400 emulation, which I can't find in a Java terminal emulator. The
> vendor is afraid of PuTTY for some reason :( and won't use a VPN to get to
> me :(
>
> On Tue, Mar 11, 2008 at 4:53 PM, Tom Eastep <[EMAIL PROTECTED]> wrote:
>
> > dan wrote:
> >
> > >
> > > any help would be awesome. thanks
> >
> > Please follow the troubleshooting steps in Shorewall FAQs 1a and 1b.
> >
> > -Tom
> >
> > PS Are you *sure* that you want to use telnet across the internet? It's a
> > very silly thing to do from a security point of view, which is why SSH
> > was invented.
> > --
> > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> > Shoreline, \ http://shorewall.net
> > Washington USA \ [EMAIL PROTECTED]
> > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
> >
> >
> >
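The log line dan quotes ("net2fw:DROP:IN=eth1 OUT=") is the diagnostic clue in this thread. What a blank OUT= means in a netfilter LOG entry, and what it implies for the DNAT, is shown below as an added example for readers of the thread; it is not Shorewall code and not part of the original posts. The thread's log line is cut off after MAC=, so the SRC, DST and port values in SAMPLE_LOG are constructed (RFC 5737 documentation addresses), as are the MAC bytes after the first six.

```python
"""Interpret a Shorewall/netfilter LOG line: which chain logged it, and
whether the packet was being forwarded or delivered to the firewall itself.

Added example for this thread, not Shorewall code.  The thread's log line
is cut off after MAC=, so SRC/DST/ports in SAMPLE_LOG are constructed."""
import re
from typing import Dict

# Constructed sample in the format Shorewall's LOG target writes.
SAMPLE_LOG = (
    "Shorewall:net2fw:DROP:IN=eth1 OUT= "
    "MAC=00:e0:81:75:54:8f:00:11:22:33:44:55:08:00 "
    "SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF "
    "PROTO=TCP SPT=51234 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0"
)

# Shorewall's log prefix is "Shorewall:<chain>:<disposition>:" followed by
# the kernel's KEY=VALUE fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):")


def parse_log(line: str) -> Dict[str, str]:
    """Return the chain, disposition and every KEY=VALUE field.
    Bare flags such as DF or SYN are stored with an empty value."""
    m = PREFIX.search(line)
    if m is None:
        raise ValueError("not a Shorewall log line")
    fields = {"chain": m.group("chain"), "disposition": m.group("disp")}
    for token in line[m.end():].split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def packet_path(fields: Dict[str, str]) -> str:
    """Netfilter fills IN for packets arriving on an interface and OUT for
    packets leaving one; the combination tells you which hook logged it."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and not has_out:
        return "INPUT"      # destined to the firewall host itself
    if has_in and has_out:
        return "FORWARD"    # routed through, e.g. after a DNAT to loc
    if has_out:
        return "OUTPUT"     # generated by the firewall host
    return "UNKNOWN"


def diagnose(line: str) -> str:
    """One-line explanation of what the logged packet was doing."""
    f = parse_log(line)
    path = packet_path(f)
    where = f"{f.get('DST', '?')}:{f.get('DPT', '?')}/{f.get('PROTO', '?')}"
    if path == "INPUT":
        return (f"{f['chain']} {f['disposition']}: packet for {where} went to the "
                "firewall itself (OUT= empty, INPUT hook); its destination was "
                "not rewritten by DNAT, so the DNAT rule did not match it")
    if path == "FORWARD":
        return (f"{f['chain']} {f['disposition']}: packet for {where} was being "
                f"forwarded {f['IN']} -> {f['OUT']}")
    return f"{f['chain']} {f['disposition']}: {path} packet for {where}"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A packet that the DNAT rule had rewritten to 10.223.8.10 would be routed out the loc interface and logged from a forwarding chain (net2loc) with OUT=eth0; a net2fw entry with OUT= empty is a packet still addressed to the firewall, which is the condition FAQ 1a and 1b walk through.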
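Tom's point about telnet across the internet and dan's plan to "at least limit the DNAT to their IP address as the source" both come down to the SOURCE column of the rules file. The following is an added example, not Shorewall's code or anything from the thread: it parses rules in the posted format, flags DNAT/ACCEPT rules that expose telnet or ftp (by macro name or raw port) to any host in the net zone, and includes the source-restricted form of the same rules. SAMPLE_RULES is constructed from the rules quoted above; 203.0.113.5 is an assumed vendor address from the RFC 5737 documentation range.

```python
"""Flag Shorewall rules that expose clear-text services (telnet, ftp) to
the 'net' zone from any source, alongside the source-restricted form.

Added example for this thread, not Shorewall code.  SAMPLE_RULES is built
from the rules posted above plus two hardened lines; 203.0.113.5 is an
assumed vendor address (RFC 5737 documentation range)."""
from dataclasses import dataclass
from typing import List, Optional

PLAINTEXT_MACROS = {"Telnet", "FTP"}   # Shorewall macros for these services
PLAINTEXT_PORTS = {"21", "23"}          # the same services given as raw ports

SAMPLE_RULES = """\
SECTION NEW
Telnet/DNAT:info    net              loc:10.223.8.10
FTP/DNAT:info       net              loc:10.223.8.10
DROP:info           net              all              tcp   3128
DROP:info           net              all              udp   3128
# Hardened form: only the assumed vendor address may reach the DNAT'd services.
Telnet/DNAT:info    net:203.0.113.5  loc:10.223.8.10
DNAT:info           net:203.0.113.5  loc:10.223.8.10  tcp   21
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""


@dataclass
class Rule:
    action: str             # DNAT, ACCEPT, DROP ... (log level stripped)
    macro: Optional[str]    # "Telnet" for "Telnet/DNAT:info", else None
    source: str             # "net" or "net:203.0.113.5"
    dest: str
    proto: str
    dport: str


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one rules-file line; None for blanks, comments and SECTION."""
    text = line.split("#", 1)[0].strip()
    if not text or text.startswith("SECTION"):
        return None
    cols = text.split()
    head = cols[0]
    macro = None
    if "/" in head:                       # MACRO/ACTION[:level]
        macro, head = head.split("/", 1)
    action = head.split(":", 1)[0]        # drop ":info" and similar
    cols += ["-"] * (5 - len(cols))       # missing columns mean "any"
    return Rule(action, macro, cols[1], cols[2], cols[3], cols[4])


def source_is_restricted(source: str) -> bool:
    """'net' and 'net:-' match every host in the zone; 'net:<addr>' does not."""
    _zone, _, hosts = source.partition(":")
    return bool(hosts) and hosts != "-"


def audit(rules_text: str) -> List[str]:
    """Return one finding per clear-text service open to the whole net zone."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        r = parse_rule(line)
        if r is None or r.action not in {"DNAT", "ACCEPT"}:
            continue
        if r.source.split(":", 1)[0] != "net":
            continue
        by_port = r.proto.lower() == "tcp" and any(
            p in PLAINTEXT_PORTS for p in r.dport.split(","))
        if (r.macro in PLAINTEXT_MACROS or by_port) and not source_is_restricted(r.source):
            findings.append(
                f"line {lineno}: {r.macro or 'tcp/' + r.dport} {r.action} to {r.dest} "
                "from any net host; restrict SOURCE to the vendor address")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Restricting SOURCE narrows who can reach the telnet and ftp listeners, but the sessions still carry credentials in the clear over the internet, which is the objection Tom raises; the restriction is damage limitation, not a substitute for SSH or a VPN.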
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users