Hi,
I use Ubuntu Server 18.04, which is configured as a home router, gateway and firewall. My ISP gives me the local IP address 192.168.15.145, which is seen from the internet as the public address 46.xxx.xxxx.xxxx. I can log in to my Ubuntu server (SSH) from local LAN or WLAN hosts (using 10.10.10.1 and port 2225), but I cannot log in using the public address 46.xxx.xxx.xxxx from my LAN/WLAN.
At the same time, I can log in to my server using the address 46.xxx.xxx.xxxx from other devices (e.g. my phone or tablet connected to a GSM/LTE network). How can I change the Shorewall configuration to enable SSH access to my public address 46.xxx.xxxx.xxxx from the local hosts?
See my current Shorewall configuration files below.

etc/shorewall/zones
###############################################################################
#ZONE    TYPE    OPTIONS            IN            OUT
#                    OPTIONS            OPTIONS
fw    firewall
net    ipv4
loc    ipv4
road    ipv4

etc/shorewall/policy
###############################################################################
#SOURCE        DEST        POLICY        LOG LEVEL    LIMIT:BURST
loc        net        ACCEPT
loc        $FW        ACCEPT
$FW        net        ACCEPT
$FW        loc        ACCEPT
road        loc        ACCEPT
loc        road        ACCEPT
road        $FW        ACCEPT
net        all        DROP        info
# THE FOLLOWING POLICY MUST BE LAST
all        all        REJECT        info

etc/shorewall/interfaces
###############################################################################
?FORMAT 1
###############################################################################
#ZONE    INTERFACE    BROADCAST    OPTIONS
net    enp1s0        detect    tcpflags,logmartians,nosmurfs
loc    enp3s0f1    detect    dhcp
loc    wlp4s0        detect    dhcp,maclist,wait=10
road    tun0        detect

etc/shorewall/snat
###########################################################################################################################################
#ACTION            SOURCE            DEST            PROTO PORT IPSEC    MARK    USER    SWITCH    ORIGDEST    PROBABILITY
#
SNAT(192.168.15.145)    10.10.10.0/24,\
            10.10.11.0/24    enp1s0

etc/shorewall/rules
###################################################################################################################################################################################################### #ACTION        SOURCE        DEST        PROTO    DEST    SOURCE ORIGINAL    RATE        USER/    MARK    CONNLIMIT    TIME HEADERS        SWITCH        HELPER
#                            PORT    PORT(S)        DEST LIMIT     GROUP

?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW

#       Don't allow connection pickup from the net
#
Invalid(DROP)    net        all        tcp
#
#    Accept DNS connections from the firewall to the network
#
#DNS(ACCEPT)    $FW        net
#
#    Accept SSH connections from the local network for administration
#
SSH(ACCEPT)    loc        $FW
#
#    Allow Ping from the local network
#
Ping(ACCEPT)    loc        $FW

#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#

Ping(DROP)    net        $FW

ACCEPT        $FW        loc        icmp
ACCEPT        $FW        net        icmp
#
#
ACCEPT        net        $FW        tcp        6535
ACCEPT        net        $FW        udp        6534
ACCEPT        net        $FW        tcp        1007
ACCEPT        net        $FW        tcp        2225
