Hi all, me again,

Cheers Tom, my mail filter does the same, I'll just post to the list, save the double up ;)

I'm pretty sure I'm missing one line somewhere. I can ping the modem from the firewall but not from my internal lan. I think now that it may be a routing issue at the ip layer as I'm no longer getting rejected packets in the shorewall.log but I'm actually not sure.. :(

I have updated the following files on my firewall.

Policy file
fw      upnp    ACCEPT
net     all     DROP    ULOG
all     all     REJECT  ULOG

Rules file
ACCEPT  loc     fw      icmp    8
ACCEPT  fw      loc     icmp    8
ACCEPT  fw      net     icmp    8
ACCEPT  fw      dsl     icmp    8
ACCEPT  loc     dsl     icmp    8
#
ACCEPT  loc     fw      udp     53
ACCEPT  loc     fw      tcp     80
ACCEPT  loc     dsl     tcp     80
#

RFC1918 file (Added at the top)
192.168.0.1     RETURN
192.168.0.2     RETURN

Thanks in advance
Adam

-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]
Sent: Friday, 15 August 2003 11:20 PM
To: Adam Niedzwiedzki
Cc: Leaf User List
Subject: RE: [leaf-user] Access ADSL modem SNMP/Config page

On Fri, 2003-08-15 at 01:40, Adam Niedzwiedzki wrote:

> I'm getting the reject packet in my shorewall.log
>
> Aug 15 08:39:27 talon Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00
> SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=00 PREC=0x00 TTL=64
> ID=28777 DF PROTO=ICMP TYPE=8 CODE=0 ID=51042 SEQ=0
>
> I'm not sure what I have to add to shorewall to allow my internal
> machines to access port 80 and the snmp port on my adsl modem.
>
> #Shorewall Stuff
> Zones file
> dsl     dsl     ADSL Modem
> net     Net     Internet
> upnp    UPNP    UPNP Network
> loc     Local   Local Networks
>
> Interfaces file
> net     ppp0    -       routefilter
> loc     eth1    detect  routestopped
> dsl     eth0
>
> Policy file
> net     all     DROP    ULOG
> all     all     REJECT  ULOG
> fw      upnp    ACCEPT
> fw      dsl     ACCEPT

The policy file is order-dependent -- any policies after the "all all" policy are just wasted typing.

>
> And rules file
> ..snip..
> ACCEPT  fw      dsl     tcp     80
> ACCEPT  fw      dsl     udp     snmp
> ..snip..
>

Either reorder your policy file (in which case you can toss the rules) or delete the policy and add the rule:

ACCEPT  fw      dsl     icmp    8

And please post your future questions on the mailing list -- answering each person's questions individually simply isn't practical given the number of Shorewall users

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
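
Added example, not part of the original thread and not Shorewall's own code: a small Python model of the order dependence described in the reply, run over the policy file quoted in the thread. It assumes first-match evaluation with "all" acting as a wildcard zone; the function names and the REORDERED file are constructed for illustration.

```python
# Assumption: "all" matches any zone and the first matching line wins.
ORIGINAL = """\
net  all   DROP    ULOG
all  all   REJECT  ULOG
fw   upnp  ACCEPT
fw   dsl   ACCEPT
"""

# Constructed: the same policies with the specific ones moved first.
REORDERED = """\
fw   upnp  ACCEPT
fw   dsl   ACCEPT
net  all   DROP    ULOG
all  all   REJECT  ULOG
"""

def parse_policy(text):
    """Return (lineno, source, dest, policy) for each non-comment line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append((lineno, fields[0], fields[1], fields[2]))
    return entries

def covers(pattern, zone):
    return pattern == "all" or pattern == zone

def effective_policy(entries, src, dst):
    """First entry matching src -> dst, as (lineno, policy), else None."""
    for lineno, s, d, policy in entries:
        if covers(s, src) and covers(d, dst):
            return lineno, policy
    return None

def shadowed(entries):
    """(dead_line, shadowing_line) pairs for entries that can never match."""
    dead = []
    for i, (lineno, s, d, _) in enumerate(entries):
        for earlier, es, ed, _ in entries[:i]:
            if covers(es, s) and covers(ed, d):
                dead.append((lineno, earlier))
                break
    return dead

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("reordered", REORDERED)):
        entries = parse_policy(text)
        print(name, effective_policy(entries, "fw", "dsl"), shadowed(entries))
```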