I will try this and thanks for your help. It is much appreciated.

-----Original Message-----
From: Thomas Backlund [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2003 11:52 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] shore wall



From: "Lawson, Jim" <[EMAIL PROTECTED]>
> This was the default except for 1000 and 3128. It doesn't work anyway that
> is why I am asking.
> 10000 us webmin. I hate running to the server to manage it.
>
> What I would like is to have everything bound to eth0 and deny all but ssh
> to eth1.
>

then you should have this in /etc/shorewall/interfaces
--- cut ---
net        eth1         detect
loc        eth0         detect
#LAST LINE -- ...
--- cut ---


and this in /etc/shorewall/rules
---cut---
#ACTION    SOURCE    DEST    PROTO    DEST       SOURCE     ORIGINAL
#                                     PORT       PORT(S)    DEST
#
ACCEPT        net             fw            tcp         22

# access from lan to the firewall (ssh, dns, ipp, squid, webmin)
# (port list must have no spaces after the commas, or Shorewall reads the
#  remainder as the next column)
ACCEPT          loc             fw          tcp      22,53,631,3128,10000
ACCEPT          loc             fw          udp     53

# Let the services on the firewall get net access (dns, squid http port)
ACCEPT          fw              net         tcp     53, 80
ACCEPT          fw              net         udp    53

# Special Samba rules between the lan and the firewall
ACCEPT         loc             fw           udp     137:139,445
ACCEPT         loc             fw           tcp     137,139,445
ACCEPT         loc             fw           udp     1024:            137
ACCEPT         fw              loc          udp     137:139,445
ACCEPT         fw              loc          tcp     137,139,445
ACCEPT         fw              loc          udp     1024:            137
---cut---

this is all you need as the conntrack modules keeps the returning
info/packets happy, and you should have a secured firewall...

then restart shorewall, and let me know if it works...

--
Regards

Thomas
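An added check, not part of the thread or of Shorewall itself: it parses the rules lines posted above (whitespace normalised, assumed five-column ACTION SOURCE DEST PROTO DPORT(S) with an optional SPORT(S) column) and verifies the stated goal that the net zone on eth1 reaches the firewall on nothing but tcp/22.

```python
# Constructed from the rules posted above (column spacing normalised).
RULES = """
ACCEPT  net  fw   tcp  22
ACCEPT  loc  fw   tcp  22,53,631,3128,10000
ACCEPT  loc  fw   udp  53
ACCEPT  fw   net  tcp  53,80
ACCEPT  fw   net  udp  53
ACCEPT  loc  fw   udp  137:139,445
ACCEPT  loc  fw   tcp  137,139,445
ACCEPT  loc  fw   udp  1024:  137
"""

def parse_ports(spec):
    """Expand '22,137:139,1024:' into a set of (lo, hi) port ranges."""
    ranges = set()
    for part in spec.split(","):
        if ":" in part:            # range; an open end means 1 or 65535
            lo, hi = part.split(":", 1)
            ranges.add((int(lo or 1), int(hi or 65535)))
        else:
            ranges.add((int(part), int(part)))
    return ranges

def parse_rules(text):
    """Parse ACTION SOURCE DEST PROTO DPORT(S) [SPORT(S)] lines; '#' comments ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if len(f) < 5:
            raise ValueError("malformed rule: " + line)
        rules.append({"action": f[0], "src": f[1], "dst": f[2], "proto": f[3],
                      "dports": parse_ports(f[4]),
                      "sports": parse_ports(f[5]) if len(f) > 5 else None})
    return rules

def allowed_into_fw(rules, zone):
    """Set of (proto, lo, hi) the zone is explicitly ACCEPTed to on the firewall."""
    return {(r["proto"], lo, hi) for r in rules
            if r["action"] == "ACCEPT" and r["src"] == zone and r["dst"] == "fw"
            for lo, hi in r["dports"]}

def only_ssh_from(rules, zone):
    """True when the zone's only ACCEPT into the firewall is tcp/22."""
    return allowed_into_fw(rules, zone) == {("tcp", 22, 22)}
```

The rules file only lists exceptions; whether everything else from net is dropped depends on the net-to-fw line in /etc/shorewall/policy, which the thread does not show, so check that file as well.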
