Hi, I have been using Bering-uClibc now for more than a year (after more than 2 years with the earlier versions) and I think it is the best firewall there is, especially as it can run on a memory-only system. I now, however, have a small problem with Shorewall. For some reasons I want to give ssh access to the firewall from another system. So I set the appropriate ACCEPT statements in the Rules file. However, Shorewall refuses to give TCP access to the system. Here is the result of my Rules file when Shorewall is restarting:
[EMAIL PROTECTED] svi shorewall restart
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Restarting Shorewall...
Initializing...
Determining Zones...
Zones: net loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Local Zone: eth1:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
Creating input Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Adding rules for DHCP
Enabling RFC1918 Filtering
Setting up Kernel Route Filtering...
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
Rule "ACCEPT fw net tcp 53" added.
Rule "ACCEPT fw net udp 53" added.
Rule "ACCEPT fw net:nic.lth.se tcp" added.
Rule "ACCEPT fw net udp 37,123" added.
Rule "ACCEPT loc fw tcp 22,20,21" added.
Rule "ACCEPT net:xxx.xxx.xxx.xxx fw tcp 22" added.   (for security)
Rule "ACCEPT fw net:xxx.xxx.xxx.xxx tcp" added.      (idem)
Rule "ACCEPT loc fw icmp 8" added.
Rule "ACCEPT net fw icmp 8" added.
Rule "ACCEPT fw loc icmp 8" added.
Rule "ACCEPT fw net icmp 8" added.
Rule "ACCEPT loc fw udp 53" added.
Rule "ACCEPT loc fw tcp 80" added.
Processing /etc/shorewall/policy...
Policy REJECT for fw to net using chain all2all
Policy ACCEPT for fw to loc using chain fw2loc
Policy DROP for net to fw using chain net2all
Policy ACCEPT for loc to fw using chain loc2fw
Policy ACCEPT for loc to net using chain loc2net
Masqueraded Subnets and Hosts:
To 0.0.0.0/0 from 192.168.100.0/24 through eth0
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Processing /etc/shorewall/ecn...
Activating Rules...
Processing /etc/shorewall/start ...
Shorewall Restarted

I don't know what the problem is, as the route to nic.lth.se (an ntp server) can well be established. I am running Bering-uClibc version 2.0 - as I have some problems with the newer versions - and Shorewall 1.4.5 on a 90 MHz WinChip system, memory only (no disks). I also want to know if dropbear looks at both channels (net & loc) or only at one? Can somebody point out my error of thinking with Shorewall?

Thanks in advance
Joep
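As an added illustration (not Shorewall's code and not part of the original post), the following toy model evaluates a packet against the rules and zone policies listed in the restart log above, the way Shorewall 1.4 does: the first matching rule wins, otherwise the policy for the zone pair applies. The rule and policy tables are constructed from the log; 203.0.113.5 is a constructed stand-in for the masked xxx.xxx.xxx.xxx address.

```python
"""Toy model of Shorewall 1.4 rule/policy evaluation (added illustration,
not Shorewall code). RULES and POLICIES are constructed from the restart log
in the post; 203.0.113.5 stands in for the masked xxx.xxx.xxx.xxx host."""
import ipaddress

# Rules affecting traffic to the firewall ("fw"), taken from the log:
# (action, source, dest, proto, dest_ports); an empty port set means any port.
RULES = [
    ("ACCEPT", "loc", "fw", "tcp", {22, 20, 21}),
    ("ACCEPT", "net:203.0.113.5", "fw", "tcp", {22}),  # constructed stand-in
    ("ACCEPT", "loc", "fw", "icmp", {8}),
    ("ACCEPT", "net", "fw", "icmp", {8}),
    ("ACCEPT", "loc", "fw", "udp", {53}),
    ("ACCEPT", "loc", "fw", "tcp", {80}),
]

# Zone policies from the log (what applies when no rule matches).
POLICIES = {
    ("fw", "net"): "REJECT",
    ("fw", "loc"): "ACCEPT",
    ("net", "fw"): "DROP",
    ("loc", "fw"): "ACCEPT",
    ("loc", "net"): "ACCEPT",
}


def _source_matches(rule_src, zone, src_ip):
    """'net' matches every host in the zone; 'net:host' or 'net:cidr'
    restricts the rule to that host or network."""
    if ":" not in rule_src:
        return rule_src == zone
    rzone, qualifier = rule_src.split(":", 1)
    if rzone != zone:
        return False
    allowed = ipaddress.ip_network(qualifier, strict=False)
    return ipaddress.ip_address(src_ip) in allowed


def verdict(src_zone, src_ip, dst_zone, proto, port):
    """Return the action applied to a packet: the first matching rule's
    action, else the policy for (src_zone, dst_zone)."""
    for action, rsrc, rdst, rproto, ports in RULES:
        if rdst != dst_zone or rproto != proto:
            continue
        if ports and port not in ports:
            continue
        if _source_matches(rsrc, src_zone, src_ip):
            return action
    return POLICIES.get((src_zone, dst_zone), "DROP")
```

With these tables, ssh to the firewall is accepted from any loc host and from the one listed net host, while every other net host falls through to the net-to-fw DROP policy, which is the first thing to verify when a connection from a different address silently times out.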