Hello,

I'm running Shorewall 4.2.6 with all patches.

My policy is to block all traffic and allow just some services. I'm trying to
set it up, but I can't get it running okay. I've been searching, but I don't see my
mistake.

My configuration is:

eth0 - internal interface (192.168.0.5/24)
eth1 - internal interface (192.168.20.5/24)
eth2 - external interface (220.x.y.234/24) connected with ISP's modem

Internal DNS = 192.168.0.200

I'm using PPPoE connected on eth2; my IP on ppp0 is 220.x.y.235, and my
PPPoE interface (ppp0) receives the same (fixed) IP address (220.x.y.233).

# /etc/shorewall/params
TLM=eth0
ADM=eth1
EXT=eth2
DNS=192.168.0.200

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
118.23.99.136   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
220.x.y.0       0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0


My files:


# /etc/shorewall/zones
###############################################################################
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
tlm     ipv4
adm     ipv4

# /etc/shorewall/interfaces
###############################################################################
#ZONE   INTERFACE       BROADCAST       OPTIONS
tlm     $TLM            detect          routefilter,tcpflags,dhcp,routeback
adm     $ADM            detect          routefilter,tcpflags,dhcp,routeback
net     $EXT            detect          tcpflags,routefilter,blacklist,nosmurfs

# /etc/shorewall/masq
###############################################################################
#INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
$EXT                    $TLM
$EXT                    $ADM

# /etc/shorewall/rules
###############################################################################
#ACTION         SOURCE          DEST            PROTO   DEST    SOURCE  ORIGINAL        RATE    USER/   MARK    CONNLIMIT       TIME
#                                                       PORT    PORT(S) DEST            LIMIT   GROUP
REDIRECT        adm             3128            tcp     80
REDIRECT        tlm             3128            tcp     80
ACCEPT          $FW             net             tcp     80,443
Ping/ACCEPT     adm             $FW
Ping/ACCEPT     tlm             $FW
Ping/ACCEPT     $FW             adm
Ping/ACCEPT     $FW             tlm
Ping/ACCEPT     adm             net
Ping/ACCEPT     $FW             net
DNS/ACCEPT      adm:$DNS        net
DNS/ACCEPT      $FW             net
DNS/ACCEPT      tlm             adm:$DNS

# /etc/shorewall/rfc1918
###############################################################################
#SUBNETS                TARGET
192.168.0.0/24          RETURN          # ADM Network
192.168.20.0/24         RETURN          # TLM Network
172.16.0.0/12           logdrop         # RFC 1918
192.168.0.0/16          logdrop         # RFC 1918
10.0.0.0/8              logdrop         # RFC 1918


What am I doing wrong? Can someone help me?


Best Regards,
Watanabe 


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
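One check a reader of this post will want to run before touching the rules file: with PPPoE, traffic leaves through ppp0 (the routing table above shows the default route on ppp0), while eth2 only carries the PPPoE session, so a `net` zone and `masq` entries bound to `$EXT=eth2` never see the outbound packets. The script below is an added example, not part of the original post or of Shorewall itself. It parses `route -n` style output, finds the interface that carries the default route, and compares it with the `EXT` value from `/etc/shorewall/params`. The embedded routing table is a constructed copy of the one in the post; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from Shorewall): check that
# the interface named as EXT in /etc/shorewall/params is the one that
# actually carries the default route. With PPPoE that is ppp0, not the
# Ethernet port the PPPoE session runs over.

# Constructed sample 'route -n' output, copied from the post and cleaned up.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
118.23.99.136   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
220.x.y.0       0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0'

# Print the interface of the default route: the line whose Destination and
# Genmask are both 0.0.0.0. Reads 'route -n' style text on stdin.
default_iface() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF; exit }'
}

# check_ext_iface EXT ROUTE_TEXT
# Returns 0 when EXT matches the default-route interface, 1 when it does
# not (and prints the params line that should change), 2 when no default
# route is present in ROUTE_TEXT.
check_ext_iface() {
    ext="$1"
    routes="$2"
    real=$(printf '%s\n' "$routes" | default_iface)
    if [ -z "$real" ]; then
        echo "no default route found" >&2
        return 2
    fi
    if [ "$ext" = "$real" ]; then
        echo "OK: net zone interface $ext carries the default route"
        return 0
    fi
    cat <<EOF
MISMATCH: params has EXT=$ext but the default route leaves via $real.
Bind the net zone to the PPP interface instead, e.g. in /etc/shorewall/params:
    EXT=$real
so that both /etc/shorewall/interfaces and /etc/shorewall/masq use \$EXT=$real.
EOF
    return 1
}

# Stand-alone run: the poster's EXT=eth2 against the sample routing table.
# The '|| :' keeps the script's own exit status zero under 'set -e'.
check_ext_iface eth2 "$SAMPLE_ROUTES" || :
```

On a live box, replace the embedded sample with `route -n` output (`check_ext_iface "$EXT" "$(route -n)"` after sourcing the params file) and re-run `shorewall check` after changing `EXT`; the `interfaces` and `masq` files both take their interface from `$EXT`, so a single change in `params` moves the `net` zone and the masquerading onto the PPP link.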