On Thu, Mar 28, 2013 at 11:04:33AM -0400, Donald S. Doyle wrote:
> Hello,
>
> Actually, I have two web servers and I want to have http/port 80 access to
> the router that Shorewall is on and the 2 web servers. I do not have a dmz,
> just eth0(wan), $fw & eth1(lan). Having said that, should I ACCEPT wan to
> ANY?
>

That would be a bad idea. Assuming your two webservers on the LAN have
public IP addresses, I would do this:

HTTP(ACCEPT) wan lan:1.2.3.4,1.2.3.5

That will allow port 80 traffic entering from the WAN to only go to the two
webserver hosts. If you accept traffic to 'any' that allows port 80 traffic
to enter and go to any host on your network (if you have a UPS or a router
running a web interface for administration, that could be a bad thing).

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
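
The check discussed in the reply above can be run over a whole rules file. The following is an added example, not part of the original thread or of Shorewall itself: it flags ACCEPT rules whose source is the untrusted zone and whose destination is `any`/`all` or a bare zone with no host list. The function name `audit_rules`, the sample rules, and the simplified parsing (first three columns only, no line continuations) are assumptions; the zone names `wan` and `lan` are taken from the thread.

```python
import re

# ACTION column forms that end in ACCEPT: plain "ACCEPT", macro "HTTP(ACCEPT)",
# legacy macro "HTTP/ACCEPT", each optionally followed by ":loglevel".
ACCEPT_RE = re.compile(r"^(?:\w+\(ACCEPT\)|\w+/ACCEPT|ACCEPT)(?::\S+)?$")
WILDCARDS = ("all", "any")

def audit_rules(text, untrusted="wan", firewall="$FW"):
    """Return (line number, rule, reason) for over-broad ACCEPT rules."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("?") or line.upper().startswith("SECTION"):
            continue                                  # directives, section headers
        cols = line.split()
        if len(cols) < 3 or not ACCEPT_RE.match(cols[0]):
            continue
        src_zone = cols[1].split(":", 1)[0].rstrip("+-")
        if src_zone != untrusted and src_zone not in WILDCARDS:
            continue                                  # not reachable from the WAN
        zone, _, hosts = cols[2].partition(":")
        if zone.rstrip("+-") in WILDCARDS:
            findings.append((lineno, line, "destination is every zone"))
        elif not hosts and zone.upper() != firewall.upper():
            findings.append((lineno, line,
                             f"destination is every host in zone '{zone}'"))
    return findings

# Constructed sample rules file (addresses are the placeholders from the thread).
SAMPLE = """\
# constructed sample
?SECTION NEW
HTTP(ACCEPT)   wan   any
HTTP(ACCEPT)   wan   lan:1.2.3.4,1.2.3.5
HTTP(ACCEPT)   wan   $FW
ACCEPT         wan   lan     tcp   80
ACCEPT         lan   wan
"""

if __name__ == "__main__":
    for lineno, rule, reason in audit_rules(SAMPLE):
        print(f"line {lineno}: {reason}: {rule}")
```

Rules that name specific hosts, or that target only the firewall itself, pass; the two rules that would expose every LAN host (including admin web interfaces on a UPS or router) are reported.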