wisnu dwi hidayat wrote:

> /etc/shorewall/rules
> ########################################################################
> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
> # PORT PORT(S) DEST LIMIT GROUP
> #SECTION ESTABLISHED
> #SECTION RELATED
>
> ACCEPT local fw tcp 53
> ACCEPT local fw udp 53
> ACCEPT net fw tcp 53
> ACCEPT net fw udp 53

You run a public DNS server on your firewall?

> ACCEPT local fw tcp 80
> ACCEPT net fw tcp 80

And an HTTP server?

> ACCEPT local fw tcp 20

NO NO NO NO -- Please read http://www.shorewall.net/FTP.html

> ACCEPT local fw tcp 21
>
> ACCEPT local fw tcp 22
> ACCEPT net fw tcp 22
> ACCEPT fw local tcp 22
>
> ACCEPT local fw tcp 10000
> ACCEPT net fw tcp 10000
>
> ACCEPT net fw tcp 25,110,143
> ACCEPT fw net tcp 25,110,143
> ACCEPT local fw tcp 25,110,143
> REJECT local net tcp 25,110,143

You have no net->local ACCEPT rules so connections from the internet to
your server are not allowed. You seem to be confused about how zones
work. Your ftp server/web server/Proxy is in the 'local' zone, not the
'fw' zone. Connections to that server from the internet require rules of
the form:

ACCEPT net local ...

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
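
An added example, not part of the original message or of Shorewall: a small Python check that reads rules in the column layout quoted above and lists which services the ACCEPT rules open from `net` to the firewall itself versus to the `local` zone where the servers live. The function names are hypothetical, and the script looks only at the rules file (policy, NAT and the remaining columns are ignored).

```python
# Rules quoted in the message above (comment and SECTION lines left out).
POSTED_RULES = """\
ACCEPT local fw tcp 53
ACCEPT local fw udp 53
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
ACCEPT local fw tcp 80
ACCEPT net fw tcp 80
ACCEPT local fw tcp 20
ACCEPT local fw tcp 21
ACCEPT local fw tcp 22
ACCEPT net fw tcp 22
ACCEPT fw local tcp 22
ACCEPT local fw tcp 10000
ACCEPT net fw tcp 10000
ACCEPT net fw tcp 25,110,143
ACCEPT fw net tcp 25,110,143
ACCEPT local fw tcp 25,110,143
REJECT local net tcp 25,110,143
"""

def parse_rules(text):
    """Parse 'ACTION SOURCE DEST PROTO DEST-PORT(S)' lines into tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments and blank lines
        if len(fields) >= 4:
            ports = fields[4].split(",") if len(fields) > 4 else ["any"]
            rules.append((fields[0], fields[1], fields[2], fields[3], ports))
    return rules

def accepted(rules, source, dest):
    """Sorted (proto, port) pairs that ACCEPT rules allow from source zone to dest zone."""
    return sorted({(proto, port) for action, src, dst, proto, ports in rules
                   if action == "ACCEPT" and (src, dst) == (source, dest)
                   for port in ports})

def audit(text, server_zone="local"):
    """What the internet can reach on the firewall itself versus in the server zone."""
    rules = parse_rules(text)
    return {"net->fw": accepted(rules, "net", "fw"),
            "net->" + server_zone: accepted(rules, "net", server_zone)}

if __name__ == "__main__":
    for flow, services in audit(POSTED_RULES).items():
        print(flow, services or "no ACCEPT rules")
```

Run against the posted rules, it reports eight services accepted from `net` to `fw` and none from `net` to `local`, which is the mismatch the reply points out.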
