The Peach wrote:
> Hello all,
> first of all I must admit I'm a total newbie on firewall related things. 
> Anyway: I'm trying to set up a small NAS in my LAN (behind a router) as a 
> *services* provider (ftp, web, openvpn ... ). The box has only one interface: 
> eth0. 
> 
> For OpenVPN to work as expected with a tap interface I had to create a 
> bridge: 
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.000d0b994479       no              eth0
>                                                         tap
> 
> As ShorewallGeek pointed me to the homepage notice stating that since kernel 
> 2.6.20 there are problems in Shorewall itself, I upgraded to version 4.0 
> along with shorewall-perl. 
> 
> Upgrading the previous *really* simple Shorewall config for the box is 
> driving me crazy, because of the restrictions imposed (plus the 
> aforementioned newbie state).
> 
> The problem is:  how do I translate the policy
> ACCEPT $fw net 
> ?
> I tried to add a policy like:
> ACCEPT $fw world
> where world is defined as br0
> but:
> # ping -c 3 192.168.1.254
> PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
> From 192.168.1.147 icmp_seq=1 Destination Host Unreachable
> From 192.168.1.147 icmp_seq=1 Destination Host Unreachable
> From 192.168.1.147 icmp_seq=1 Destination Host Unreachable
> 
> where 192.168.1.147 is the IP of the box and 192.168.1.254 is the IP of the 
> router/gateway in the LAN.
> 
> In the logs I get:
> Shorewall:fw2world:REJECT:IN= OUT=br0 SRC=192.168.1.147
> DST=192.168.1.254 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP
> TYPE=8 CODE=0 ID=21586 SEQ=1

In order to be of any help to you, we need to see the output of
'shorewall dump' collected as described at
http://www.shorewall.net/support.htm#Guidelines.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
