Carlos Carrero Gutierrez wrote:
> Rules:
> Web/ACCEPT $FW net
>
> # Accept DNS connections from the firewall to the network
> #
> DNS/ACCEPT $FW net
> #
> # Accept SSH connections from the local network for administration
> #
> SSH/ACCEPT loc $FW
> #
> # Allow Ping from the local network
> #
> Ping/ACCEPT loc $FW
>
> #
> # Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
> #
>
> Ping/REJECT net $FW
>
> ACCEPT $FW loc icmp
> ACCEPT $FW net icmp
> #
>
> Policy:
> loc net DROP

That policy prohibits all access from your local systems to the Internet. And it does so silently (No log messages are produced). It is NOT the default -- the default is

    loc net ACCEPT

Changing that policy will allow bittorrent from your local systems (and all other access like web, DNS, email, etc).

> loc $FW REJECT info
> loc all REJECT info
>
> #
> # Policies for traffic originating from the firewall ($FW)
> #
> # If you want open access to the Internet from your firewall, change the
> # $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL.
> # This may be useful if you run a proxy server on the firewall.
> $FW net REJECT info

That policy prohibits all access from the firewall to the Internet. You have a couple of rules above that allow DNS, Ping, and Web access BUT THAT IS ALL. So if you want bittorrent access from the firewall itself, you need to add something like:

    BitTorrent/ACCEPT $FW net

in /etc/shorewall/rules.

> $FW loc REJECT info
> $FW all REJECT info
>
> #
> # Policies for traffic originating from the Internet zone (net)
> #
> net $FW DROP info
> net loc DROP info
> net all DROP info
>
> # THE FOLLOWING POLICY MUST BE LAST
> all all REJECT info
>
> Zones:
> fw firewall
> net ipv4
> loc ipv4
>
> This is the configuration, how I get download by Bittorrent?

It depends on whether you want to run a bittorrent client on the firewall or on a local system behind the firewall. See above.

-Tom
--
Tom Eastep         \ The ultimate result of shielding men from the
Shoreline,          \ effects of folly is to fill the world with fools.
Washington, USA      \ -Herbert Spencer
http://shorewall.net  \________________________________________________
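Added example, not part of the original message and not Shorewall's own code: a small first-match lookup over the policy lines quoted above. It shows which policy a zone pair falls through to when no rule matches, and which blocking policies have no log level. The function names and the inline POLICY text (retyped from the quoted configuration) are assumptions of this example.

```python
# Policy entries retyped from the quoted message (constructed sample input).
# Assumed column layout: SOURCE DEST POLICY [LOG LEVEL].
POLICY = """\
loc  net  DROP
loc  $FW  REJECT  info
loc  all  REJECT  info
$FW  net  REJECT  info
$FW  loc  REJECT  info
$FW  all  REJECT  info
net  $FW  DROP    info
net  loc  DROP    info
net  all  DROP    info
all  all  REJECT  info
"""

def parse_policy(text):
    """Return (source, dest, policy, log_level) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        log = fields[3] if len(fields) > 3 and fields[3] != "-" else None
        entries.append((fields[0], fields[1], fields[2], log))
    return entries

def resolve(entries, src, dst):
    """First entry matching src/dst wins; 'all' matches any zone.
    This is only the fallback used when no entry in the rules file matched."""
    for s, d, policy, log in entries:
        if s in (src, "all") and d in (dst, "all"):
            return policy, log
    return None

def silent_blocks(entries):
    """Blocking policies without a log level: traffic vanishes with no log line."""
    return [(s, d, p) for s, d, p, log in entries
            if p in ("DROP", "REJECT") and log is None]

if __name__ == "__main__":
    entries = parse_policy(POLICY)
    for pair in (("loc", "net"), ("$FW", "net"), ("net", "loc")):
        print(pair, "->", resolve(entries, *pair))
    print("silent:", silent_blocks(entries))
```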
