Dear Master,
I need your help. I am configuring Shorewall with an FTP and Web Server
behind the Shorewall box. The problem is that I can't connect to the
FTP and Web Server. But the Internet connection from the Proxy Server
through to the LAN is so far so good. Here is my topology below:
Internet======>Shorewall====>Switch====>FTP,WEBSERVER,PROXY=====>LAN
The shorewall has 2 ethernet with public IP:
eth0 = 200.x.x.1 (public ip)
eth1 = 200.x.x.2 (public ip)
eth1:1 = 60.x.x.1 (public ip)
The FTP has 2 ethernet with 1 public ip and 1 more private ip;
eth0 = 60.x.x.2 (public ip)
eth1 = 192.x.x.2 (private ip/lan)
The WEBServer has 2 ethernet with 1 public ip and 1 more private ip;
eth0 = 60.x.x.3 (public ip)
eth1 = 192.x.x.3 (private ip/lan)
The PROXY has 2 ethernet with 1 public ip and 1 more private ip;
eth0 = 202.x.x.3 (public ip)
eth1 = 192.x.x.4 (private ip/lan)
Here is my shorewall configuration..
/etc/shorewall/zones
########################################################################
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
net ipv4
local ipv4
fw firewall
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
/etc/shorewall/interfaces
########################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth0
local eth1
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
/etc/shorewall/policy
########################################################################
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
fw all ACCEPT
net all DROP
local all ACCEPT
#LAST LINE -- DO NOT REMOVE
/etc/shorewall/masq
########################################################################
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC
eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
/etc/shorewall/rules
########################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
ACCEPT local fw tcp 53
ACCEPT local fw udp 53
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
ACCEPT local fw tcp 80
ACCEPT net fw tcp 80
ACCEPT local fw tcp 20
ACCEPT local fw tcp 21
ACCEPT local fw tcp 22
ACCEPT net fw tcp 22
ACCEPT fw local tcp 22
ACCEPT local fw tcp 10000
ACCEPT net fw tcp 10000
ACCEPT net fw tcp 25,110,143
ACCEPT fw net tcp 25,110,143
ACCEPT local fw tcp 25,110,143
REJECT local net tcp 25,110,143
#SECTION NEW
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
I don't know what is wrong with my configuration. Why can't my Web Server
and FTP be accessed? Please give me advice; any suggestions
and ideas are welcome.
Regards,
Wisnu