Hi Tom,

Thanks for your reply. Here are some of the details of my firewall:

/etc/shorewall/interfaces
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect
net     eth1            detect
loc     eth2            detect          dhcp

/etc/shorewall/zones
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
loc     ipv4
net     ipv4

/etc/shorewall/policy
###############################################################################
#SOURCE         DEST            POLICY          LOG             LIMIT:BURST
#                                               LEVEL
$FW             net             ACCEPT
loc             net             ACCEPT
loc             fw              ACCEPT
net             all             DROP            info

#THIS LINE MUST BE LAST
all             all             REJECT          info

I want to allow one host to have direct connection to the Internet. How can
I possibly do this?

TIA
rhon

On Tue, Apr 1, 2008 at 1:50 PM, Tom Eastep <[EMAIL PROTECTED]> wrote:

> Rhon wrote:
> > Hi,
> >
> > Is there any way I can allow my internal server to bypass the firewall
> > and have direct connection? I usually do it using this rule:
>
> You are not "bypassing the firewall"; you are configuring your firewall to
> allow certain traffic.
>
> >
> > # Allow this IP to have direct connection
> > iptables -A FORWARD -i eth0 -d 192.168.1.100/24 -j ACCEPT
> > iptables -A FORWARD -i eth1 -s 192.168.1.100/24 -j ACCEPT
> >
> > How can I convert it to fit shorewall rules?
>
> There is no way to directly convert those rules without more information
> about your setup. When using Shorewall, you must describe your firewall in
> Shorewall terms (zones, policies and rules) rather than in raw iptables
> terms (interfaces and networks).
>
> So if you will tell us about your network topology and Shorewall
> configuration, we can then advise you how to configure Shorewall to obtain
> similar results.
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ [EMAIL PROTECTED]
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
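Added example, not part of the original thread and not Shorewall's own code: a simplified model of how the policy file posted above decides traffic between zones. It assumes the first policy line whose SOURCE and DEST match is applied, that "all" matches any zone, and that $FW names the zone of type firewall; entries in /etc/shorewall/rules, which are consulted before policies, are not modeled.

```python
# Constructed from the zones and policy files quoted in the message above.
ZONES = """\
fw      firewall
loc     ipv4
net     ipv4
"""
POLICY = """\
$FW             net             ACCEPT
loc             net             ACCEPT
loc             fw              ACCEPT
net             all             DROP            info
#THIS LINE MUST BE LAST
all             all             REJECT          info
"""

def parse_rows(text):
    """Split a Shorewall-style file into column lists, dropping comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def firewall_zone(zones_text):
    """Return the name of the zone declared with TYPE 'firewall'."""
    for row in parse_rows(zones_text):
        if len(row) >= 2 and row[1] == "firewall":
            return row[0]
    raise ValueError("no firewall zone declared")

def parse_policy(policy_text, zones_text):
    """Return (source, dest, policy, log_level) tuples with $FW resolved."""
    fw = firewall_zone(zones_text)
    policies = []
    for row in parse_rows(policy_text):
        src, dst, action = (fw if col == "$FW" else col for col in row[:3])
        policies.append((src, dst, action, row[3] if len(row) > 3 else None))
    return policies

def resolve(policies, src, dst):
    """First matching policy wins (assumed model); 'all' is a wildcard."""
    for p_src, p_dst, action, log in policies:
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action, log
    return None

if __name__ == "__main__":
    table = parse_policy(POLICY, ZONES)
    for pair in [("loc", "net"), ("net", "loc"), ("net", "fw"), ("fw", "loc")]:
        print(pair, "->", resolve(table, *pair))
```

Under this model a host in loc already has outbound access through the loc to net ACCEPT policy, while connections initiated from net toward loc fall to DROP unless an explicit rule allows them.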