Anderson Watanabe wrote:
> Mr Sanchez,
>
> Yes! I read those documents and others too. But I still have some
> doubts, therefore, wrote to the list.
>
> My questions were about to know if are correct or wrong. Is that
> after so long, I understand the new concept of Shorewall?
"Correct or wrong" is never easy to determine by simply looking at
part of your config files.
>
> I've used Shorewall for 8 years ago (version 1.x??), and since that
> time, never used more. I was at the "spiritual retirium" (in state of
> coma), and just back to life again, now. Sorry if my original e-mail
> offended you or the community, but, if don't make a question to this
> list, who answer to me ? Who can help me?
We can help you but we have to have full and correct information.
Here are your questions:
> 1) In FW(b), /etc/shorewall.hosts, Is it correct my configuration?
See above.
> 2) How can I make a rule to allow a remote vpn connect to both
> firewalls?
The OpenVPN document that Roberto refers you to gives that information.
Without knowing what you've configured, we can't answer that other than
by saying "Read the manual".
> 3) For all internals networks ('adm', 'sis', 'tlm' and 'gar'), the
> proxy service is running at FW(a) and the access to 'nfp'
> zone/network, is running at FW(b).
>
> 3a) I need, from FW(a), 'adm' zone, make a rule to redirect (use), by
> FW(b), the route and vpn to 'nfp' zone.
>
> 3b) I need, from FW(b), 'tlm' zone, make a rule to redirect (use), at
> FW(a), the proxy service.
Without knowing what you have already put in place, 3a is not answerable.
And what is "proxy service"? Squid? SOCKS? Internet Proxy Server for
anonymous access? ??? And is traffic to be transparently redirected to
this service? If so, what traffic? You use the word 'redirect' so I can
*guess* that you simply want to forward some traffic -- if so, that is a
simple DNAT rule; see Shorewall FAQ 1. If you post again, we need a
description such as "host 192.168.4.5 in FW a's n
The second URL that Roberto gave you describes what we need from you to
solve your problem. Note that it explicitly asks that you *not* send us
your configuration files unless specifically asked to do so. It also
asks for the output of "shorewall dump" collected in a specific way and
with accompanying details.
Again, we are here to help but we are not mind readers -- we can't
answer questions when we don't have enough information to even
understand those questions.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
