On 05/30/2011 04:56 PM, Tom Eastep wrote:
> On 05/30/2011 12:05 AM, Farkas Levente wrote:
>
>> before this setup i've this in the rules:
>> SSH(ACCEPT) net:$ADMIN_NET fw
>> which was working, but after that i'm no longer able to access to the
>> host:-(
>> so in this case what is the right rule? net should have to be world or?
>
> '...no longer able to access..' isn't enough to go on. I would at least

this means i got "Connection refused" when i try to ssh. but if i replace:
SSH(ACCEPT) net:$ADMIN_NET fw
with
SSH(ACCEPT) world:$ADMIN_NET fw
then i can connect, but in this case i can connect from everywhere, not
just from $ADMIN_NET. so what do net and world mean in this case?
of course $ADMIN_NET is the public IPs of the host from the net where
i'd like to access ssh.

> need to see what log message is generated when you try to access (the
> output of 'shorewall dump' collected right after you tried to access
> would be better) in order to tell you what's wrong.

attached.

>> and what's the reason of the:
>> net all DROP info
>> in the middle of the policy file when there is a reject at the end?
>
> So the box and its VMs are stealth from the net.

all other guests have their own shorewall and the win guest has rules on the host.
so why is it needed? and anyway there is an all all REJECT at the end of
the policy file

--
Levente "Si vis pacem para bellum!"
dump.txt.gz
Description: GNU Zip compressed data
