[Shorewall-newbies] Current situation, and eventual goals

Tim Chetelat tim at progfan.com
Thu Dec 4 15:51:42 PST 2003

I have DSL with 5 static IPs.  On one of these IPs, I have a Redhat8
machine, acting as firewall and service host, is the routable
IP address (ETH0).  There is a second NIC (ETH1); is the
non-routable IP address.  I would like to allow through ETH0: FTP, web, SSH,
and DNS (I host multiple websites on IIS (and soon Apache) and would like to
be able to host my own DNS, instead of relying on a 3rd party).  I would
like to allow all traffic both directions through ETH1, as there is a
hardware firewall in front of the other machines on the network, and
physical access to the computers is limited to just myself.

So, for ETH0, I want to allow ports 21, 80, 22, and 53 from net.

Included is a zip file with the relevant files.  I am able to see the
default website, so port 80 seems correct.  I am unable to connect with
command-line FTP from another machine (different routable IP).  I am
thinking that once I get that resolved, the rest will be a bit clearer.  I
am afraid that I am putting too much into the policy file.  I hope this is
somewhat clear, it's been a long day.  Thank you in advance for your help!

-----shorewall version

-----ip addr show

1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet brd scope host lo

2: eth0: mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:09:5b:09:a9:da brd ff:ff:ff:ff:ff:ff
inet brd scope global eth0

3: eth1: mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:30:1b:ac:76:54 brd ff:ff:ff:ff:ff:ff
inet brd scope global eth1

-----ip route show

dev eth0 scope link
dev eth1 scope link
dev lo scope link

default via dev eth0

Tim Chetelat
tim at progfan.com 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: shorewall.zip
Type: application/x-zip-compressed
Size: 11703 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-newbies/attachments/20031204/0e845fa5/shorewall.bin
