On 8/6/2013 10:11 AM, Pete Geenhuizen wrote:
> I'm trying to implement shorewall on my Centos 6 firewall. I'm by no
> means a firewall person and have an extremely limited knowledge of
> iptables and find it to be very confusing, and am hoping that
> Shorewall will help me get around that problem.
>
> With that said, here's what I'm attempting to figure out.
>
> I have a web and email server running on a local host and when I
> implement shorewall I continue to get email and my web page is
> accessible from the internet. So far so good.
>
> My problem is with the firewall itself. I run a weather station
> connected to my firewall, and it sends updates to weather underground,
> and to CWOP, I also run ddclient on the same host. All 3 of these
> processes fail to connect to their respective hosts.

Why don't you simply have an ACCEPT policy from $FW to net? In
/etc/shorewall/policy:

    $FW net ACCEPT

> As best I can determine ddclient and connections to the weather
> underground hosts both utilize port 80, and
> all cwop servers - - - cwop.aprs.net : port 14580 or port 23 - - -
> this links to all four CWOP servers.
>
> Here are the rules that I've tried. I tried specifying both
> protocols and ports as well but neither works.
>
> ACCEPT net:checkip.dyndns.org $FW all -
> ACCEPT net:weatherstation.wunderground.com $FW all -
> ACCEPT net:cwop.aprs.net $FW all -
> DNAT net loc:XXX.XXX.XXX.2 tcp http,https,imap,imaps,smtp

Placing DNS names in your configuration is a really bad idea. See:

http://www.shorewall.net/configuration_file_basics.htm#dnsnames
http://www.shorewall.net/FAQ.htm#idp3857840

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
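A small check for the DNS-name problem raised in the reply above, as an added example that is not part of the original message or of Shorewall: it scans rules-file text for DNS names in the SOURCE and DEST columns. The matching heuristic, the function names and the 192.0.2.2 stand-in for the redacted address are assumptions.

```python
import re

# Rules quoted in the thread. 192.0.2.2 is a constructed stand-in for the
# redacted address in the original DNAT line.
SAMPLE_RULES = """\
#ACTION  SOURCE                               DEST           PROTO  DPORT
ACCEPT   net:checkip.dyndns.org               $FW            all    -
ACCEPT   net:weatherstation.wunderground.com  $FW            all    -
ACCEPT   net:cwop.aprs.net                    $FW            all    -
DNAT     net                                  loc:192.0.2.2  tcp    http,https,imap,imaps,smtp
"""

LABEL = re.compile(r"^[A-Za-z0-9-]+$")


def looks_like_dns_name(token):
    """Heuristic (assumption): two or more dotted labels, last starts with a letter.

    IPv4 addresses, CIDR networks, address ranges and VLAN interfaces such as
    eth0.10 are rejected because their final label is numeric or contains '/'.
    """
    labels = token.lstrip("!").rstrip(".").split(".")
    return (len(labels) >= 2
            and all(LABEL.match(label) for label in labels)
            and labels[-1][0].isalpha())


def find_dns_names(rules_text):
    """Return (line_no, column, name) for each DNS name in SOURCE or DEST."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 3:
            continue
        for column, field in (("SOURCE", fields[1]), ("DEST", fields[2])):
            # Column syntax is zone[:host[,host...]]; skip the zone itself.
            _, _, hosts = field.partition(":")
            for host in filter(None, re.split(r"[,:]", hosts)):
                if looks_like_dns_name(host):
                    findings.append((line_no, column, host))
    return findings


if __name__ == "__main__":
    for line_no, column, name in find_dns_names(SAMPLE_RULES):
        print(f"line {line_no}: DNS name in {column}: {name}")
```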
