Hello List,

Many services are running okay.

Now I need to create a rule to allow some IPs to use Skype. By default, my policy blocks all traffic from the internal networks to the internet. But I only succeed in connecting to Skype if I allow all traffic to these IPs. How can I create this rule?

Best Regards,
Watanabe

--------------------------------------------------------------------------------------------------------------------

# /etc/shorewall/policy
###############################################################################
#SOURCE  DEST  POLICY  LOG    LIMIT:  CONNLIMIT:
#                      LEVEL  BURST   MASK
#
adm      net   DROP    info
tlm      net   DROP    info
#
net      adm   DROP    info
net      tlm   DROP    info
#
$FW      $FW   ACCEPT
$FW      net   ACCEPT
adm      tlm   ACCEPT
#
all      all   REJECT  info
#
#LAST LINE -- DO NOT REMOVE

/etc/shorewall/params
TLM=eth0
ADM=eth1
EXT=eth2
DNS=192.168.0.200

# route -n
Kernel IP routing table
Destination     Gateway   Genmask          Flags Metric Ref Use Iface
118.23.99.136   0.0.0.0   255.255.255.255  UH    0      0   0   ppp0
220.x.y.0       0.0.0.0   255.255.255.0    U     0      0   0   eth2
192.168.20.0    0.0.0.0   255.255.255.0    U     0      0   0   eth0
192.168.0.0     0.0.0.0   255.255.255.0    U     0      0   0   eth1
0.0.0.0         0.0.0.0   0.0.0.0          U     0      0   0   ppp0

# /etc/shorewall/zones
###############################################################################
#ZONE  TYPE      OPTIONS  IN       OUT
#                         OPTIONS  OPTIONS
fw     firewall
net    ipv4
tlm    ipv4
adm    ipv4

# /etc/shorewall/interfaces
###############################################################################
#ZONE  INTERFACE  BROADCAST  OPTIONS
tlm    $TLM       detect     routefilter,tcpflags,dhcp,routeback
adm    $ADM       detect     routefilter,tcpflags,dhcp,routeback
net    ppp0       detect     tcpflags,routefilter,blacklist,nosmurfs

# /etc/shorewall/masq
###############################################################################
#INTERFACE  SOURCE  ADDRESS  PROTO  PORT(S)  IPSEC  MARK
ppp0        $TLM
ppp0        $ADM

# /etc/shorewall/rules
####################################################################################################################################################
#ACTION      SOURCE    DEST      PROTO  DEST    SOURCE   ORIGINAL  RATE   USER/  MARK  CONNLIMIT  TIME
#                                       PORT    PORT(S)  DEST      LIMIT  GROUP
REDIRECT     adm       3128      tcp    80
REDIRECT     tlm       3128      tcp    80
ACCEPT       $FW       net       tcp    80,443
Ping/ACCEPT  adm       $FW
Ping/ACCEPT  tlm       $FW
Ping/ACCEPT  $FW       adm
Ping/ACCEPT  $FW       tlm
Ping/ACCEPT  adm       net
Ping/ACCEPT  $FW       net
DNS/ACCEPT   adm:$DNS  net
DNS/ACCEPT   $FW       net
DNS/ACCEPT   tlm       adm:$DNS

# /etc/shorewall/rfc1918
###############################################################################
#SUBNETS         TARGET
192.168.0.0/24   RETURN   # ADM Network
192.168.20.0/24  RETURN   # TLM Network
172.16.0.0/12    logdrop  # RFC 1918
192.168.0.0/16   logdrop  # RFC 1918
10.0.0.0/8       logdrop  # RFC 1918

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
