-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 31 March 2004 15:24, Fajar Priyanto wrote:
> Dear all,
> Anyone using shorewall?
> I have this strange case. In my notebook, I set the policy and rules like
> this:
> #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
> net $FW DROP ULOG
> $FW net ACCEPT ULOG
> loc net ACCEPT ULOG
> all all DROP ULOG
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
> # PORT PORT(S) DEST
> ACCEPT:ULOG loc $FW tcp 110 -
> ACCEPT:ULOG loc $FW tcp 25 -
> ACCEPT:ULOG loc $FW tcp 22,21 -
> ACCEPT:ULOG $FW net tcp 5050 -
> ACCEPT:ULOG $FW all all - -
> DROP:ULOG net $FW all - -
> ACCEPT:ULOG net $FW tcp 80 -
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> And in my local server, very similar:
> #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
> fw net ACCEPT
> net fw DROP info
> #net all DROP info
> all all REJECT info
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
> # PORT PORT(S) DEST
> ACCEPT net fw udp 53 -
> ACCEPT net fw tcp 80,443,53,22,20,21,25,109,110,143,783,993,10000 -
> ACCEPT fw net all -
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> But the PROBLEM is:
> I can't connect to my server using FTP, nor from the server to my notebook.
> In /var/log/messages of the server, it drops a high port:
> Mar 31 21:14:20 server2 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT=
> MAC=00:09:6b:a5:b1:65:00:c0:9f:28:15:65:08:00 SRC=192.168.0.234
> DST=192.168.0.236 LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=29064 DF PROTO=TCP
> SPT=20 DPT=32802 WINDOW=5840 RES=0x00 SYN URGP=0
>
> Can anyone give me direction here? Why doesn't the setting work? How do I
> open this "high port"?
> TIA
adding
ACCEPT fw loc
ACCEPT loc all
did the trick for me

ronald

- -- 
Registered Linux User 163597
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAauhFoPgG5kUDwJIRAjJ3AKCkKfkwRCmZQxrmPgdx31YNrMuU8gCaA38E
ktTiYlb5ztnde/ksq0jIB4Q=
=DvjR
-----END PGP SIGNATURE-----
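An added example, not part of either poster's message: a small Python parser for the Shorewall log line quoted in the thread. It flags dropped new TCP connections that come from source port 20 to an unprivileged port, which is the pattern an active-mode FTP data connection produces. The function names and labels are assumptions of this example.

```python
import re

# Log line quoted in the thread, unwrapped onto one line.
SAMPLE = ("Mar 31 21:14:20 server2 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
          "MAC=00:09:6b:a5:b1:65:00:c0:9f:28:15:65:08:00 SRC=192.168.0.234 "
          "DST=192.168.0.236 LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=29064 DF "
          "PROTO=TCP SPT=20 DPT=32802 WINDOW=5840 RES=0x00 SYN URGP=0")

# Shorewall log prefix: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")      # KEY=value pairs (value may be empty)
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}  # bare tokens


def parse(line):
    """Split a Shorewall-prefixed netfilter log line into a dict, or None."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rest = line[m.end():]
    rec = dict(m.groupdict())
    rec.update(FIELD.findall(rest))
    rec["flags"] = {tok for tok in rest.split() if tok in FLAGS}
    return rec


def classify(rec):
    """Label blocked packets that look like FTP traffic (hypothetical labels)."""
    if rec is None or rec["disposition"] not in ("DROP", "REJECT"):
        return "ignore"
    new_conn = "SYN" in rec["flags"] and "ACK" not in rec["flags"]
    if rec.get("PROTO") == "TCP" and new_conn:
        spt, dpt = int(rec["SPT"]), int(rec["DPT"])
        # Active-mode FTP: the server opens the data channel from port 20
        # to an ephemeral port on the client.
        if spt == 20 and dpt >= 1024:
            return "ftp-active-data"
        if dpt == 21:
            return "ftp-control"
    return "other"


if __name__ == "__main__":
    rec = parse(SAMPLE)
    print(rec["chain"], rec["SRC"], "->", rec["DST"], classify(rec))
```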