Hello!!!!

Well, finally I found my mistake... (I think so...)

I replaced the "eth2" interface, connected to the PPPoE modem, with the "ppp0" interface assigned by the PPPoE connection. Now, my external interface is "ppp0".

By the way, I'm using Squid 3.0 for my proxy service. The rules for Squid are:

#/etc/shorewall/rules
.....
REDIRECT   adm   3128   tcp   80
REDIRECT   tlm   3128   tcp   80
ACCEPT     $FW   net    tcp   80,443
.........

I used the rules above long ago, but now they do not seem to work. What is the best way to configure the permission for the proxy service, knowing that the port in use is 3128?

Best Regards,
Watanabe

----- Original Message -----
From: "Anderson Watanabe" <[email protected]>
To: "Shorewall List" <[email protected]>
Sent: Friday, March 13, 2009 3:49 PM
Subject: Polices, Rules and Configurations - No Success (#/etc/shorewall/policy)

> Hello,
>
> I forgot to put my #/etc/shorewall/policy file:
>
> # /etc/shorewall/policy
> ###############################################################################
> #SOURCE   DEST   POLICY   LOG     LIMIT:   CONNLIMIT:
> #                         LEVEL   BURST    MASK
> #
> adm       net    DROP     info
> tlm       net    DROP     info
> #
> net       adm    DROP     info
> net       tlm    DROP     info
> #
> $FW       $FW    ACCEPT
> $FW       net    ACCEPT
> adm       tlm    ACCEPT
> #
> all       all    REJECT   info
> #
> #LAST LINE -- DO NOT REMOVE
>
> Thanks.
> Watanabe
>
> ----- Original Message -----
> From: "Anderson Watanabe" <[email protected]>
> To: "Shorewall List" <[email protected]>
> Sent: Friday, March 13, 2009 3:10 PM
> Subject: Polices, Rules and Configurations - No Success
>
>> Hello,
>>
>> I'm running Shorewall 4.2.6 with all patches.
>>
>> My policy is to block all traffic and allow just some services. I'm trying
>> to set it up, but have had no success getting it running okay. I've been
>> searching, but don't see my mistake.
>>
>> My configuration is:
>>
>> eth0 - internal interface (192.168.0.5/24)
>> eth1 - internal interface (192.168.20.5/24)
>> eth2 - external interface (220.x.y.234/24) connected to the ISP's modem
>>
>> Internal DNS = 192.168.0.200
>>
>> I use PPPoE connected to eth2, and my IP on ppp0 is 220.x.y.235, and my
>> PPPoE interface (ppp0) receives the same (fixed) IP address (220.x.y.233).
>>
>> # /etc/shorewall/params
>> TLM=eth0
>> ADM=eth1
>> EXT=eth2
>> DNS=192.168.0.200
>>
>> # route -n
>> Kernel IP routing table
>> Destination     Gateway   Genmask           Flags   Metric   Ref   Use   Iface
>> 118.23.99.136   0.0.0.0   255.255.255.255   UH      0        0     0     ppp0
>> 220.x.y.0       0.0.0.0   255.255.255.0     U       0        0     0     eth2
>> 192.168.20.0    0.0.0.0   255.255.255.0     U       0        0     0     eth0
>> 192.168.0.0     0.0.0.0   255.255.255.0     U       0        0     0     eth1
>> 0.0.0.0         0.0.0.0   0.0.0.0           U       0        0     0     ppp0
>>
>> My files:
>>
>> # /etc/shorewall/zones
>> ###############################################################################
>> #ZONE   TYPE       OPTIONS   IN        OUT
>> #                            OPTIONS   OPTIONS
>> fw      firewall
>> net     ipv4
>> tlm     ipv4
>> adm     ipv4
>>
>> # /etc/shorewall/interfaces
>> ###############################################################################
>> #ZONE   INTERFACE   BROADCAST   OPTIONS
>> tlm     $TLM        detect      routefilter,tcpflags,dhcp,routeback
>> adm     $ADM        detect      routefilter,tcpflags,dhcp,routeback
>> net     $EXT        detect      tcpflags,routefilter,blacklist,nosmurfs
>>
>> # /etc/shorewall/masq
>> ###############################################################################
>> #INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC   MARK
>> $EXT         $TLM
>> $EXT         $ADM
>>
>> # /etc/shorewall/rules
>> ####################################################################################################################################################
>> #ACTION       SOURCE     DEST       PROTO   DEST     SOURCE    ORIGINAL   RATE    USER/   MARK   CONNLIMIT   TIME
>> #                                           PORT     PORT(S)   DEST       LIMIT   GROUP
>> REDIRECT      adm        3128       tcp     80
>> REDIRECT      tlm        3128       tcp     80
>> ACCEPT        $FW        net        tcp     80,443
>> Ping/ACCEPT   adm        $FW
>> Ping/ACCEPT   tlm        $FW
>> Ping/ACCEPT   $FW        adm
>> Ping/ACCEPT   $FW        tlm
>> Ping/ACCEPT   adm        net
>> Ping/ACCEPT   $FW        net
>> DNS/ACCEPT    adm:$DNS   net
>> DNS/ACCEPT    $FW        net
>> DNS/ACCEPT    tlm        adm:$DNS
>>
>> # /etc/shorewall/rfc1918
>> ###############################################################################
>> #SUBNETS          TARGET
>> 192.168.0.0/24    RETURN    # ADM Network
>> 192.168.20.0/24   RETURN    # TLM Network
>> 172.16.0.0/12     logdrop   # RFC 1918
>> 192.168.0.0/16    logdrop   # RFC 1918
>> 10.0.0.0/8        logdrop   # RFC 1918
>>
>> What am I doing wrong? Can someone help me?
>>
>> Best Regards,
>> Watanabe
>

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
