DYNAMIC_BLACKLIST=ipset-only,timeout=3600::info

and in Rules at end

ADD(SW_DBL4:src) net $FW

and after some testing everything seemed to be working all OK. Using Shorewall 5.0.14.1
I have port 80 (web server) and 25 (Postfix server) open in my Rules file. Internal network using 192.168.1.1 on eth1
But as soon as I tried using the browser on my local network machine, web sites, like Facebook, just stopped working.
I've tried to find a simple (I'm no IT specialist, just a home hobbyist) explanation as to what I have done wrong or missed, and seem to have hit a brick wall.
If someone could point me in the right direction I would be very grateful.

Kind Regards,
Nigel Aves.

In case it helps, here is my rules file.

DHCPfwd/ACCEPT loc fw
#
# DHCPfwd/ACCEPT $FW loc
#
# Accept for web-server
ACCEPT net $FW tcp 80
# no ssl
# ACCEPT net $FW tcp 443
#
#
# Turn FTP off when not transferring files from VideoKing
#
# FTP/ACCEPT net fw - 21
# ACCEPT net $FW tcp 6000:6100
#
###### use Webmin while away, turn off when returned. Here is the setting
# Don't forget to turn on for trips.
#
# ACCEPT net $FW tcp 1xxxx
#
#
SMTP/ACCEPT net $FW - 25
#
DNS(ACCEPT) $FW net
# Accept DNS connections from the firewall to the network
#
SSH(ACCEPT) loc $FW
#
# Accept SSH connections from the local network for administration
#
Ping(ACCEPT) loc $FW
#
# Allow Ping from the local network
#
#
## Internal accepts
#
#Cable TV forward
DNAT net loc:192.168.1.180 udp 27177
DNAT net loc:192.168.1.180 udp 27178
DNAT net loc:192.168.1.180 tcp 27177
DNAT net loc:192.168.1.180 tcp 27178
#
ACCEPT loc $FW tcp
ACCEPT loc $FW udp
#
DNS(ACCEPT) loc $FW
SMB(ACCEPT) loc $FW
SMB(ACCEPT) $FW loc
#
DNS(ACCEPT) phone $FW
## Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
Ping(DROP) net $FW
ACCEPT $FW loc icmp
ACCEPT $FW net icmp
#
ACCEPT $FW phone icmp
#
# turn on ipset to stop testing ports from outside
#
#
ADD(SW_DBL4:src) net $FW