also remove the line
ACCEPT net $FW
from your rules.
On Tue, Aug 6, 2013 at 4:51 PM, johnny bowen <[email protected]> wrote:
> Let's see if I'm understanding you. So you have 3 zones right? [ net, loc,
> fw ]
> And your 'weather station' machine connects to the firewall via loc
> interface?
> And you need the 'weather station' to connect somewhere on the internet..
> through the net interface?
>
> If I understood correctly, you can either add the following to
> /etc/shorewall/policy:
> loc net ACCEPT
>
> OR
>
> you can add individual rules for loc like:
> ACCEPT loc net tcp 23
> ACCEPT loc net tcp 14580
>
>
>
> NOTICE how the loc is going to the net, and not the fw..
>
>
>
> On Tue, Aug 6, 2013 at 4:34 PM, Pete Geenhuizen <[email protected]> wrote:
>
>>
>> On 08/06/2013 04:54 PM, Tom Eastep wrote:
>>
>> On 8/6/2013 10:11 AM, Pete Geenhuizen wrote:
>> Why don't you simply have an ACCEPT policy from $FW to net? In
>> /etc/shorewall/policy:
>>
>> $FW net ACCEPT
>>
>> Thanks Tom for the suggestion, and please forgive my ignorance, but
>> wouldn't this open the firewall to anything?
>> Anyway I gave it a shot, but unfortunately it didn't make any difference,
>> still no joy.
>>
>>
>> Placing DNS names in your configuration is a really bad idea. See:
>>
>> I agree completely and that wasn't what I wanted to do, which is one
>> reason why I was asking for help.
>>
>> Perhaps I have something else in the rules file creating a problem, so
>> here are the rules that I have
>> SECTION NEW
>>
>> ACCEPT net $FW
>> DNAT net loc:XXX.XXX.XXX.13 tcp 22 2222
>>
>> DNAT net loc:XXX.XXX.XXX.2 tcp http,https,imap,imaps,smtp
>>
>> Invalid(DROP) net all
>> DNS(ACCEPT) $FW net
>> SSH(ACCEPT) loc $FW
>> Ping(ACCEPT) loc $FW
>>
>>
>> Ping(DROP) net $FW
>>
>> ACCEPT $FW loc icmp
>> ACCEPT $FW net icmp
>>
>>
>>
>> --
>> Unencumbered by the thought process.
>> -- Click and Clack the Tappet brothers
>>
>>
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>