Hello,

I forgot to include my /etc/shorewall/policy file:

# /etc/shorewall/policy
###############################################################################
#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK
#
adm     net     DROP            info
tlm     net     DROP            info
#
net     adm     DROP            info
net     tlm     DROP            info
#
$FW     $FW     ACCEPT
$FW     net     ACCEPT
adm     tlm     ACCEPT
#
all     all     REJECT          info
#
#LAST LINE -- DO NOT REMOVE



Thanks.
Watanabe


----- Original Message ----- 
From: "Anderson Watanabe" <[email protected]>
To: "Shorewall List" <[email protected]>
Sent: Friday, March 13, 2009 3:10 PM
Subject: Polices, Rules and Configurations - No Success


> Hello,
>
>
> I'm running Shorewall 4.2.6 with all patches.
>
> My policy is to block all traffic and only allow some services. I'm trying to 
> set it up, but haven't succeeded in getting it running properly. I've been 
> searching, but I don't see my mistake.
>
> My configuration is:
>
> eth0 - internal interface (192.168.0.5/24)
> eth1 - internal interface (192.168.20.5/24)
> eth2 - external interface (220.x.y.234/24) connected with ISP's modem
>
> Internal DNS = 192.168.0.200
>
> I'm using PPPoE connected over eth2; my IP on ppp0 is 220.x.y.235, and my 
> PPPoE interface (ppp0) receives the same (fixed) IP address (220.x.y.233).
>
> # /etc/shorewall/params
> TLM=eth0
> ADM=eth1
> EXT=eth2
> DNS=192.168.0.200
>
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 118.23.99.136   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
> 220.x.y.0       0.0.0.0         255.255.255.0   U     0      0        0 eth2
> 192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
>
>
> My files:
>
>
> # /etc/shorewall/zones
> ###############################################################################
> #ZONE   TYPE            OPTIONS         IN                      OUT
> #                                               OPTIONS OPTIONS
> fw      firewall
> net     ipv4
> tlm     ipv4
> adm     ipv4
>
> # /etc/shorewall/interfaces
> ###############################################################################
> #ZONE   INTERFACE       BROADCAST       OPTIONS
> tlm     $TLM            detect          routefilter,tcpflags,dhcp,routeback
> adm     $ADM            detect          routefilter,tcpflags,dhcp,routeback
> net     $EXT            detect          tcpflags,routefilter,blacklist,nosmurfs
>
> # /etc/shorewall/masq
> ###############################################################################
> #INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S)         IPSEC   MARK
> $EXT                    $TLM
> $EXT                    $ADM
>
> # /etc/shorewall/rules
> ####################################################################################################################################################
> #ACTION         SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK    CONNLIMIT       TIME
> #                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
> REDIRECT        adm             3128            tcp     80
> REDIRECT        tlm             3128            tcp     80
> ACCEPT          $FW             net             tcp     80,443
> Ping/ACCEPT     adm             $FW
> Ping/ACCEPT     tlm             $FW
> Ping/ACCEPT     $FW             adm
> Ping/ACCEPT     $FW             tlm
> Ping/ACCEPT    adm              net
> Ping/ACCEPT     $FW             net
> DNS/ACCEPT      adm:$DNS        net
> DNS/ACCEPT      $FW             net
> DNS/ACCEPT      tlm             adm:$DNS
>
> # /etc/shorewall/rfc1918
> ###############################################################################
> #SUBNETS                TARGET
> 192.168.0.0/24          RETURN          # ADM Network
> 192.168.20.0/24         RETURN          # TLM Network
> 172.16.0.0/12           logdrop         # RFC 1918
> 192.168.0.0/16          logdrop         # RFC 1918
> 10.0.0.0/8              logdrop         # RFC 1918
>
>
> What am I doing wrong? Can someone help me?
>
>
> Best Regards,
> Watanabe 
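Shorewall evaluates /etc/shorewall/policy top-down and applies the first line whose SOURCE and DEST match the zone pair, with `all` matching any zone and `$FW` standing for the firewall zone (`fw` in the posted zones file). The script below is an added example, not part of this thread or of Shorewall itself: it parses the policy file posted above (embedded as a constructed copy) and prints the policy every zone pair falls under, which makes it easy to see which pairs are only covered by the final `all all REJECT` line.

```python
# Constructed copy of the policy file posted in the thread (comments stripped).
POLICY_TEXT = """
adm     net     DROP            info
tlm     net     DROP            info
net     adm     DROP            info
net     tlm     DROP            info
$FW     $FW     ACCEPT
$FW     net     ACCEPT
adm     tlm     ACCEPT
all     all     REJECT          info
"""

FW_ZONE = "fw"  # firewall zone name from the posted /etc/shorewall/zones


def parse_policy(text, fw_zone=FW_ZONE):
    """Return [(source, dest, policy, log_level)] in file order, with $FW expanded."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        src, dst, policy = fields[0], fields[1], fields[2].upper()
        level = fields[3] if len(fields) > 3 else ""
        src = fw_zone if src == "$FW" else src
        dst = fw_zone if dst == "$FW" else dst
        entries.append((src, dst, policy, level))
    return entries


def lookup(entries, src, dst):
    """First matching policy line wins; 'all' matches any zone."""
    for psrc, pdst, policy, level in entries:
        if psrc in (src, "all") and pdst in (dst, "all"):
            return policy, level
    return None, ""  # no policy line matches this pair at all


def effective_policies(text, zones, fw_zone=FW_ZONE):
    """Map every (src, dst) zone pair to the policy it falls under."""
    entries = parse_policy(text, fw_zone)
    return {(s, d): lookup(entries, s, d)[0] for s in zones for d in zones}


if __name__ == "__main__":
    table = effective_policies(POLICY_TEXT, ["fw", "net", "tlm", "adm"])
    for (s, d), pol in sorted(table.items()):
        print(f"{s:>4} -> {d:<4} {pol}")
```

Only the policy file is modelled here; /etc/shorewall/rules is consulted before the policy, so a pair shown as REJECT can still have individual services (Ping, DNS, the REDIRECTs) allowed by rules.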


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users