I have had a Shorewall three-interface router configuration set up for quite
some time. Recently I decided to add OpenVPN to the mix and added a bridge
interface that is tied to eth1.

Everything seems to work except for all of the rules dealing with $FW.

These rules, which used to work, now don't. The only change I made to my
Shorewall configuration was to switch all references of eth1 to br0.

For instance, I cannot SSH from the net to the box anymore.

ACCEPT NET $FW TCP 22

is in the rules.

Note that if I do sudo shorewall clear, I can SSH just fine, indicating that
opensshd is still functioning properly.


I have found no references to Shorewall ignoring $FW online, thus I come to
you for help. It is possible that they are out there, but all of my searches
yield information not relevant to this issue.

Thanks in advance


Shorewall v 4.0.15
Ubuntu 9.04-server X64


setup:
eth0 --> Net
eth1 --> LAN --> Trusted
eth2 --> Wifi --> Secured but not trusted.

############### /etc/shorewall/zones ###############
#ZONE   TYPE    OPTIONS                 IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
loc     ipv4
wifi    ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

############### shorewall/masq  ###############
#INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
eth0                    br0
eth0                    eth2
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

############### shorewall/interfaces  ###############
net     eth0            detect          tcpflags,dhcp,routefilter,nosmurfs
loc     br0             192.168.37.255   routeback
wifi    eth2           192.168.2.255

############### shorewall/policy  ###############
#
# Policies for traffic originating from the local LAN (loc)
#
loc             all             ACCEPT

#
# Policies for traffic originating from the wifi
#
wifi            net             ACCEPT
wifi            all             DROP

# THE FOLLOWING POLICY MUST BE LAST
all             all             DROP


###############  ###############
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
