On Fri, 2003-08-15 at 01:40, Adam Niedzwiedzki wrote: > I'm getting the reject packet in my shorewall.log > Aug 15 08:39:27 talon Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00 > SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=28777 > DF PROTO=ICMP TYPE=8 CODE=0 ID=51042 SEQ=0 > I'm not sure what I have to add to shorewall to allow my internal > machines to access port 80 and the snmp port on my adsl modem. > #Shoreall Stuff > Zones file > dsl dsl ADSL Modem > net Net Internet > upnp UPNP UPNP Network > loc Local Local Networks > > Interfaces file > net ppp0 - routefilter > loc eth1 detect routestopped > dsl eth0 > > Policy file > net all DROP ULOG > all all REJECT ULOG > fw upnp ACCEPT > fw dsl ACCEPT
The policy file is order-dependent -- any policies after the "all all" policy are just wasted typing. > > And rules file > ..snip.. > ACCEPT fw dsl tcp 80 > ACCEPT fw dsl udp snmp > ..snip.. > Either reorder your policy file (in which case you can toss the rules) or delete the policy and add the rule: ACCEPT fw dsl icmp 8 And please post your future questions on the mailing list -- answering each person's questions individually simply isn't practical given the number of Shorewall users -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
