Tom Eastep wrote: > Thomas Mørch wrote: >> I'm trying to divide my local network into sections, I have defined the >> following "sub-subnets" : >> kids eth0:192.168.2.192/26 <http://192.168.2.192/26> >> voks eth0:192.168.2.128/26 <http://192.168.2.128/26> >> stat eth0:192.168.2.127/25 <http://192.168.2.127/25> >> With some dhcp rules, I assign different addresses to the kidds >> computers, than to the other computers. >> >> What I wanted is that the kidds doesn't have access to SSH on the >> firewall, only computers in the voks zone. >> >> I have tried to make the following rule : >> SSH/ACCEPT voks $FW >> >> But that just shuts down access to SSH on the server, the normal rule : >> SSH/ACCEPT loc $FW >> works ok, and I can connect to the firewall using ssh (but also from the >> kids "network" >> >> I know that it is rather easy to circumvent my lockups, but I don't >> expect the kidds to know how to change the IP address of their computer >> yet (they are 10 and 8 years, which should give me a couple of years >> before they figure something out :)) >> >> Also It is just for my own "fun" and learning that I want to set it up > > We can tell you nothing without seeing the output of "shorewall dump". > See http://www.shorewall.net/support.htm#Guidelines >
Follow Roberto's suggestion re shorewall-nesting before following mine; you might save yourself some time :-) -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
