Well, I have considered changing my configuration and accepting connections, but
I don't know the risk that I could suffer. Then, I was thinking about a
method (rules) for changing only that connection. Also, I have to allow IMAPS
and SMTPS (Thunderbird), but the same thing happens (connection refused).

In that case, I will modify loc net, but I don't know if it's secure or not.

On 19 October 2008 18:41, Roberto C. Sánchez
<[EMAIL PROTECTED]> wrote:

> Carlos,
>
> It seems that the configuration you have is going to keep causing problems.
>
> On Sun, Oct 19, 2008 at 12:21:33PM +0200, Carlos Carrero Gutierrez wrote:
> >
> > Policy:
> > loc        net        DROP
> > loc        $FW        REJECT        info
> > loc        all        REJECT        info
> >
> With these, you are blocking packets that are trying to go out.  You should
> remove those three lines.
>
> > #
> > # Policies for traffic originating from the firewall ($FW)
> > #
> > # If you want open access to the Internet from your firewall, change the
> > # $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL.
> > # This may be useful if you run a proxy server on the firewall.
> > $FW        net        REJECT        info
> > $FW        loc        REJECT        info
> > $FW        all        REJECT        info
> >
> The same goes for these.
>
> > #
> > # Policies for traffic originating from the Internet zone (net)
> > #
> > net        $FW        DROP        info
> > net        loc        DROP        info
> > net        all        DROP        info
> >
> > # THE FOLLOWING POLICY MUST BE LAST
> > all        all        REJECT        info
> >
> These make sense.
>
> In my configuration, I have the following:
>
> loc             net             ACCEPT
> fw              all             ACCEPT
> net             all             DROP            info
> all             all             REJECT          info
>
> Now, to help you in more detail, I need to know which version of
> Shorewall you use (and whether it is Shorewall-shell or Shorewall-perl).
> Also, which Linux distribution and which version of the distribution.
>
> Also, this document: http://www.shorewall.net/two-interface.htm
>
> The configuration given on that page works for most people who have a
> system with two interfaces.
>
> Regards,
>
> -Roberto
>
> --
> Roberto C. Sánchez
> http://people.connexer.com/~roberto
> http://www.connexer.com
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
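Added example (not part of the original messages, and not Shorewall's own code): a simplified Python model of how a new connection is decided, rules file first and then the first matching policy line, run against the two policy sets quoted above. It assumes the firewall zone is named fw, and the two ACCEPT rules for tcp 993 and 465 are constructed here to show opening only IMAPS and SMTPS while the restrictive policy stays in place.

```python
# Simplified model (added example): for a NEW connection the rules file is
# checked first; if no rule matches, the first matching policy line decides.

CARLOS_POLICY = """
loc   net   DROP
loc   $FW   REJECT   info
loc   all   REJECT   info
$FW   net   REJECT   info
$FW   loc   REJECT   info
$FW   all   REJECT   info
net   $FW   DROP     info
net   loc   DROP     info
net   all   DROP     info
all   all   REJECT   info
"""

ROBERTO_POLICY = """
loc   net   ACCEPT
fw    all   ACCEPT
net   all   DROP     info
all   all   REJECT   info
"""

# Constructed rules (assumption): only IMAPS (993) and SMTPS (465), loc -> net.
MAIL_RULES = """
ACCEPT   loc   net   tcp   993
ACCEPT   loc   net   tcp   465
"""

def _rows(text):
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if fields:
            yield fields

def _match(pattern, zone):
    """'all' matches any zone; '$FW' and 'fw' both name the firewall zone."""
    fw = lambda z: "fw" if z == "$FW" else z
    return pattern == "all" or fw(pattern) == fw(zone)

def verdict(policy, src, dst, proto="tcp", port=None, rules=""):
    """Return the action applied to a new src -> dst connection."""
    for action, s, d, pr, po in _rows(rules):
        if _match(s, src) and _match(d, dst) and (pr, int(po)) == (proto, port):
            return action
    for s, d, action, *_ in _rows(policy):
        if _match(s, src) and _match(d, dst):
            return action
    return None
```

With the constructed rules, `verdict(CARLOS_POLICY, "loc", "net", "tcp", 993, MAIL_RULES)` is accepted while every other outbound port from loc still hits the `loc net DROP` policy.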