If a device on the LAN can't get to the internet through the Shorewall/gateway, it points the finger at /etc/shorewall/snat not being correct.

What is the contents of /etc/shorewall/snat?

Also show the output of these two commands run on the Shorewall/gateway machine:
ip -o -4 addr
ip -o -4 route

Are there any messages in the log?

Bill


On 1/31/2018 7:19 AM, Bernard Drozd wrote:
So I guess that after checking and correcting the shorewall's configuration files, routing (e.g. connecting from LAN to the internet) should work.
But in fact it doesn't.
Please log on to my testing machine and check what could disable/block shorewall:
http://drive.google.com/uc?export=view&id=1GMRU8w0EoZpfah9xiet4u-4Xhj5O4nJi

Currently I'm running on a simple configuration (/etc/network/if-up.d/firewall - see below) and routing for LAN and WLAN is working just fine. I'd like to try shorewall but I don't know why it doesn't work on my machine.

#!/bin/sh
# Minimal NAT gateway: forward everything from the LAN side, masquerade it out the WAN.

WAN=enp1s0

# Netfilter core and connection tracking; the FTP helpers let active FTP through NAT.
# (Module names corrected: the kernel module is ip_tables, and ip_nat_ftp is now nf_nat_ftp.)
/sbin/modprobe ip_tables > /dev/null 2>&1
/sbin/modprobe nf_conntrack > /dev/null 2>&1
/sbin/modprobe nf_conntrack_ftp > /dev/null 2>&1
/sbin/modprobe nf_nat_ftp > /dev/null 2>&1

# Start from a clean slate: open policies first so flushing cannot lock us out.
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -F -t nat
iptables -F -t mangle

# Inbound to the gateway itself: drop by default, accept anything not arriving on the WAN,
# and accept replies to connections the gateway or LAN already opened.
iptables -P INPUT DROP
iptables -A INPUT ! -i ${WAN} -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Reject the rest politely instead of silently dropping it.
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable

# Enable routing and hide LAN addresses behind the WAN address.
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE

# Allow SSH to the gateway from the WAN side (inserted at the top of INPUT).
iptables -I INPUT -p tcp --dport 22 -i ${WAN} -j ACCEPT

exit 0

Regards,
B
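As an added example that is not part of either message in the thread: the script below does the sanity check that Bill's two `ip` commands are meant to support, and shows what the MASQUERADE line from Bernard's script looks like as an /etc/shorewall/snat entry. It reuses WAN=enp1s0 from Bernard's script; the LAN subnet 192.168.1.0/24, the WAN address 203.0.113.10/24 and the sample command outputs are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from either message in the thread. WAN=enp1s0 comes from
# Bernard's script; the LAN subnet, WAN address and sample outputs are constructed.

WAN=enp1s0
LAN=192.168.1.0/24

# Bernard's "iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE" as an
# /etc/shorewall/snat entry (Shorewall 5.x). Naming the LAN subnet as SOURCE is
# tighter than the script, which masquerades any source that leaves the WAN interface.
SNAT_EXAMPLE='#ACTION      SOURCE           DEST
MASQUERADE   192.168.1.0/24   enp1s0'

# Interface carrying the default route, parsed from "ip -o -4 route" output ($1).
default_route_dev() {
    printf '%s\n' "$1" |
        awk '$1 == "default" { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# IPv4 address (CIDR) configured on interface $2, parsed from "ip -o -4 addr" output ($1).
addr_of_dev() {
    printf '%s\n' "$1" |
        awk -v dev="$2" '$2 == dev && $3 == "inet" { print $4; exit }'
}

# Interface holding the connected route to subnet $2, parsed from "ip -o -4 route" output ($1).
link_dev_for() {
    printf '%s\n' "$1" |
        awk -v net="$2" '$1 == net { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# Three things that must hold before NAT can work at all: the default route leaves via
# the WAN, the WAN has an address to masquerade behind, and the LAN subnet named in
# snat is directly connected on some other interface. Prints each failure; returns 0 if all hold.
nat_path_ok() {
    routes=$1 addrs=$2 wan=$3 lan=$4
    dr=$(default_route_dev "$routes")
    wa=$(addr_of_dev "$addrs" "$wan")
    ld=$(link_dev_for "$routes" "$lan")
    rc=0
    if [ "$dr" != "$wan" ]; then echo "default route leaves via '${dr:-none}', not $wan"; rc=1; fi
    if [ -z "$wa" ]; then echo "no IPv4 address on $wan"; rc=1; fi
    if [ -z "$ld" ] || [ "$ld" = "$wan" ]; then echo "$lan is not a connected subnet on a non-WAN interface"; rc=1; fi
    return $rc
}

# Constructed sample outputs (the "\" is how "ip -o" joins the wrapped line).
SAMPLE_ROUTE='default via 203.0.113.1 dev enp1s0 proto static
192.168.1.0/24 dev enp2s0 proto kernel scope link src 192.168.1.1
203.0.113.0/24 dev enp1s0 proto kernel scope link src 203.0.113.10'
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp1s0    inet 203.0.113.10/24 brd 203.0.113.255 scope global enp1s0\       valid_lft forever preferred_lft forever
3: enp2s0    inet 192.168.1.1/24 brd 192.168.1.255 scope global enp2s0\       valid_lft forever preferred_lft forever'

if nat_path_ok "$SAMPLE_ROUTE" "$SAMPLE_ADDR" "$WAN" "$LAN"; then
    echo "routing prerequisites hold; next compare 'shorewall show nat' against:"
    printf '%s\n' "$SNAT_EXAMPLE"
fi
```

On the real gateway the same check runs as `nat_path_ok "$(ip -o -4 route)" "$(ip -o -4 addr)" enp1s0 192.168.1.0/24`; if it passes and LAN clients still have no internet, the remaining suspects are the snat entry itself (compare `shorewall show nat` with the expected MASQUERADE rule) and IP forwarding, which Shorewall controls through IP_FORWARDING in shorewall.conf rather than the `echo 1 > /proc/sys/net/ipv4/ip_forward` line in the script.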

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

