On Wednesday 31 March 2004 15:24, Fajar Priyanto wrote:
> Dear all,
> Anyone using shorewall?
> I have this strange case. In my notebook, I set the policy and rules like
> this:
> #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
> net     $FW     DROP    ULOG
> $FW     net     ACCEPT  ULOG
> loc     net     ACCEPT  ULOG
> all     all     DROP    ULOG
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> #ACTION  SOURCE         DEST            PROTO   DEST    SOURCE     ORIGINAL
> #                                               PORT    PORT(S)    DEST
> ACCEPT:ULOG     loc     $FW     tcp     110     -
> ACCEPT:ULOG     loc     $FW     tcp     25      -
> ACCEPT:ULOG     loc     $FW     tcp     22,21   -
> ACCEPT:ULOG     $FW     net     tcp     5050    -
> ACCEPT:ULOG     $FW     all     all     -       -
> DROP:ULOG       net     $FW     all     -       -
> ACCEPT:ULOG     net     $FW     tcp     80      -
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> And in my local server, very similar:
> #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
> fw      net     ACCEPT
> net     fw      DROP    info
> #net    all     DROP    info
> all     all     REJECT  info
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> #ACTION  SOURCE         DEST            PROTO   DEST    SOURCE     ORIGINAL
> #                                               PORT    PORT(S)    DEST
> ACCEPT  net     fw      udp     53      -
> ACCEPT  net     fw      tcp     80,443,53,22,20,21,25,109,110,143,783,993,10000 -
> ACCEPT  fw      net     all     -
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> But the PROBLEM is:
> I can't connect to my server using FTP, nor from the server to my notebook.
> In /var/log/messages of the server, it drops high port:
> Mar 31 21:14:20 server2 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT=
> MAC=00:09:6b:a5:b1:65:00:c0:9f:28:15:65:08:00 SRC=192.168.0.234
> DST=192.168.0.236 LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=29064 DF PROTO=TCP
> SPT=20 DPT=32802 WINDOW=5840 RES=0x00 SYN URGP=0
>
> Can anyone give me direction here? Why doesn't the setting work? How do I
> open this "high port"?
> TIA

adding

ACCEPT  fw      loc
ACCEPT  loc     all

did the trick for me


ronald
-- 
Registered Linux User 163597
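An added example, not part of either message: a simplified first-match evaluator in Python, fed the server's rules, policies and the logged packet from the question, to show which entry decides the dropped connection. It models new connections only and ignores connection tracking; the function names are illustrative.

```python
import re

# Server rules and policies as quoted in the question
# (wrapped port list rejoined, log-level and trailing columns omitted).
RULES = """ACCEPT net fw udp 53
ACCEPT net fw tcp 80,443,53,22,20,21,25,109,110,143,783,993,10000
ACCEPT fw net all -"""
POLICIES = """fw net ACCEPT
net fw DROP
all all REJECT"""
# Kernel log line from the question, joined onto one line.
LOG = ("Mar 31 21:14:20 server2 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
       "MAC=00:09:6b:a5:b1:65:00:c0:9f:28:15:65:08:00 SRC=192.168.0.234 "
       "DST=192.168.0.236 LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=29064 DF "
       "PROTO=TCP SPT=20 DPT=32802 WINDOW=5840 RES=0x00 SYN URGP=0")

def parse_log(line):
    """Return (src_zone, dst_zone, proto, dport) from a Shorewall log line."""
    src, dst = re.search(r"Shorewall:(\w+?)2(\w+):", line).groups()
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    return src, dst, kv["PROTO"].lower(), int(kv["DPT"])

def decide(src, dst, proto, dport):
    """First matching rule wins for a new connection, else the first matching policy."""
    for line in RULES.splitlines():
        f = line.split()
        action, rsrc, rdst, rproto = f[:4]
        ports = f[4] if len(f) > 4 else "-"
        if rsrc not in (src, "all") or rdst not in (dst, "all"):
            continue
        if rproto not in (proto, "all"):
            continue
        if ports == "-" or str(dport) in ports.split(","):
            return action, "rule: " + " ".join(f)
    for line in POLICIES.splitlines():
        psrc, pdst, verdict = line.split()[:3]
        if psrc in (src, "all") and pdst in (dst, "all"):
            return verdict, "policy: " + " ".join((psrc, pdst, verdict))
    raise ValueError("no policy covers this zone pair")

if __name__ == "__main__":
    pkt = parse_log(LOG)
    print(pkt, "->", decide(*pkt))         # the logged connection to the high port
    print(decide("net", "fw", "tcp", 21))  # the FTP control port
```

The logged SYN to port 32802 matches no rule and falls through to the `net fw DROP` policy, which is the `net2fw:DROP` chain named in the log, while port 21 is accepted by the second rule.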