Dear Tom,

I have already reconfigured the rules as in your explanation:

Accept     net     local     

But it still doesn't work. Or is it because my topology is not standardized with
the Shorewall network architecture?

See:
The Shorewall box has 2 Ethernet interfaces with public IPs:
> eth0 = 200.x.x.1 (public ip)
> eth1 = 200.x.x.2 (public ip)
> eth1:1 = 60.x.x.1 (public ip)

I've given eth1 as local, not dmz. Is it possible to give a public IP as
local?

Regards,
Wisnu

________________________________
From: Tom Eastep <[email protected]>
To: Shorewall Users <[email protected]>
Sent: Friday, July 10, 2009 8:47:46 PM
Subject: Re: [Shorewall-users] Shorewall with FTP and WEB Server Connection problem

wisnu dwi hidayat wrote:

> /etc/shorewall/rules
> ########################################################################
> 
> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
> 
> # PORT PORT(S) DEST LIMIT GROUP
> 
> #SECTION ESTABLISHED
> 
> #SECTION RELATED
> 
> 
> ACCEPT local fw tcp 53
> ACCEPT local fw udp 53
> ACCEPT net fw tcp 53
> ACCEPT net fw udp 53

You run a public DNS server on your firewall?

> 
> ACCEPT local fw tcp 80
> ACCEPT net fw tcp 80

And an HTTP server?

> 
> ACCEPT local fw tcp 20

NO NO NO NO -- Please read http://www.shorewall.net/FTP.html
> 
> ACCEPT local fw tcp 21
> 
> ACCEPT local fw tcp 22
> ACCEPT net fw tcp 22
> ACCEPT fw local tcp 22
> 
> ACCEPT local fw tcp 10000
> ACCEPT net fw tcp 10000
> 
> ACCEPT net fw tcp 25,110,143
> ACCEPT fw net tcp 25,110,143
> ACCEPT local fw tcp 25,110,143
> REJECT local net tcp 25,110,143

You have no net->local ACCEPT rules so connections from the internet to
your server are not allowed.

You seem to be confused about how zones work. Your ftp server/web
server/Proxy is in the 'local' zone, not the 'fw' zone. Connections to
that server from the internet require rules of the form:

ACCEPT    net    local    ...

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,        \ died peacefully in his sleep. Not screaming like
Washington, USA    \ all of the passengers in his car
http://shorewall.net \________________________________________________
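
An added example, not taken from this thread or from the Shorewall project's own sample files, showing the shape of the net -> local rules Tom describes for a server that sits on eth1 in the 'local' zone. Zone names, interface names and the chosen ports are assumptions. Shorewall binds a zone to an interface (optionally narrowed by a hosts list), not to whether the addresses on that interface are public or RFC 1918, so an interface carrying public IPs can be in a zone called 'local'. FTP is opened on port 21 only; the data connection is matched by the conntrack FTP helper as RELATED, which is why the FTP document Tom links says not to open port 20.

```text
# Added example (not from the thread). Zone/interface names and ports are assumptions.

# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
local   ipv4

# /etc/shorewall/interfaces -- the zone is decided by the interface, not by the
# address range on it, so eth1 (and its eth1:1 alias) can be 'local' with public IPs
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
local   eth1        detect

# /etc/shorewall/policy -- everything from the internet is dropped unless a rule allows it
#SOURCE DEST    POLICY  LOG LEVEL
local   net     ACCEPT
fw      all     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/modules -- the FTP helper tracks PORT/PASV so the data channel is
# accepted as RELATED; the module name depends on the kernel (ip_conntrack_ftp on old ones)
loadmodule nf_conntrack_ftp

# /etc/shorewall/rules
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
# Internet -> server in the 'local' zone (eth1): the rules the thread says were missing
ACCEPT  net     local   tcp     21      # FTP control only; do not add a rule for tcp 20
ACCEPT  net     local   tcp     80
```

After editing, `shorewall check` validates the files without touching the running ruleset, and `shorewall restart` applies them. `lsmod | grep conntrack_ftp` confirms the helper is actually loaded; if it is not, passive and active FTP data connections will both fail even though port 21 is open. `shorewall show connections` lists the tracked FTP data connections while a transfer is in progress.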


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users