[Shorewall-users] Allowing connections from other machines on the LAN

Mon, 23 May 2016 09:15:41 -0700 

Hello,

I'm new to shorewall. I am running shorewall on my openSUSE Linux PC 
which connects to the Internet through a Draytek router. There are other 
machines in the house using the same router but 'outside' this firewall, 
and I want some of them to be able to access a web2py server on port 
8081 running on the desktop PC which is running the firewall (ie. they 
will connect through the LAN).

I have added the MAC addresses of these machines to 
/etc/shorewall/maclist but they still get rejected.

/etc/shorewall/zones contains these lines

#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4

/etc/shorewall/interfaces contains

#ZONE           INTERFACE               OPTIONS
net             eth0                    maclist

/etc/shorewall/policy contains

#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK
$FW     net     ACCEPT
net     all     DROP            info
all     all     REJECT          info

/etc/shorewall/rules contains

?SECTION NEW
ACCEPT      net         $FW         tcp     8197
Rsync(ACCEPT)   net     $FW
ACCEPT      net         $FW         tcp     8081
Ping(DROP)  net         all

and /etc/shorewall/maclist contains

#DISPOSITION    INTERFACE               MAC                     IP ADDRESSES 
(Optional)
ACCEPT eth0 B4-CE-F6-9D-30-D5 192.168.1.12
ACCEPT eth0 44-1E-A1-F9-5F-18
ACCEPT eth0 00-22-5F-04-6F-06
ACCEPT eth0 00-21-9B-DB-45-D4
ACCEPT eth0 E8-99-C4-8E-BC-A5
ACCEPT eth0 5C-E0-C5-B7-3F-3B
ACCEPT eth0 76-2C-D8-7B-BC-50

Do you need any other information? Log file?

Many thanks,

Bob
-- 
Bob Williams
    System:  Linux 4.1.20-11-default
    Distro:  openSUSE 42.1 (x86_64)
    Desktop: KDE Frameworks: 5.21.0, Qt: 5.5.1 and Plasma:

------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to