[Shorewall-newbies] Current situation, and eventual goals
Francesca C Smith
fsmith at ladylinux.com
Thu Dec 4 21:04:55 PST 2003
Well the two interface examples might lead you down the wrong path ..
You don't need the MASQ file in it for example ..
In Your Policy .. uncomment the following line
#fw net ACCEPT
And ADD the following line
loc fw ACCEPT
... This will allow two things .. Your firewall can access the Net freely
.. And You Have No Restrictions from your local zone to the FW
Then in your Rules file ..
Place the appropriate REJECT or DROP , ACCEPT rules .. To And From Each
REJECT loc fw tcp 135,137 # Kill Netbios Chatter (Actual Rule Will Be More In Depth And This May Hose Samba)
REJECT loc fw udp 135,139,445,593,666:765,1214,1433,1434,1728,3333,4444,5732 # Microsoft Hey My Computer Has A Worm Ports
ACCEPT net fw tcp 21,22,25,80,443 # Allow Internet Access To FTP, SSH, SMTP And Web To FW
ACCEPT net fw udp 53 # I want to allow DNS queries to my box
Hope This Helps,
At 08:42 PM 12/4/2003, Tim Chetelat wrote:
>Currently hosting web, email, and ftp on the Win2k server. I want to have
>the redhat 8 machine host also, for different purposes. I could get another
>router / nat / firewall device to put in front of the linux machine, but
>that seems silly when redhat can do what I need on its own. Eth1 is for
>local admin and Samba.
>tim at progfan.com
> > -----Original Message-----
> > From: Francesca C Smith [mailto:fsmith at ladylinux.com]
> > Sent: Thursday, December 04, 2003 5:37 PM
> > To: Tim Chetelat
> > Cc: shorewall-newbies at lists.shorewall.net
> > Subject: RE: [Shorewall-newbies] Current situation, and eventual goals
> > Hello,
> > Ok .. Well I am still mystified what the routing purpose of the Red Hat
> > Machine Is ..
> > Let me take a stab .. From my point of view ...
> > Eth0 is for Web access ... SSH .. etc .. You are going to run a public web
> > server etc on the FW
> > Eth1 is for local admin support .. ???
> > Sorry But I Am Seeing What You Are Trying To Accomplish .. Just need to
> > fill in the blanks
> > Francesca
> > At 08:31 PM 12/4/2003, Tim Chetelat wrote:
> > >Yes. The router/net/firewall device on routable IP 188.8.131.52 is a
> > >separate device, that just handles the windows machines. The redhat 8
> > >server is running Shorewall, and will just provide firewall for that
> > >machine.
> > "No Problems Only Solutions"
> > Francesca C. Smith
> > Lady Linux Internet Services
> > fsmith at ladylinux.com
"No Problems Only Solutions"
Francesca C. Smith
Lady Linux Internet Services
fsmith at ladylinux.com
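
The policy and rules from the message above, run through a simplified model of Shorewall's lookup order (rules first, then the first matching policy), as an added example that is not part of the original post. The `net all DROP` and `all all REJECT` catch-all policies and all function names are assumptions, and only zones, protocol and destination port are modelled.

```python
# Added example: simplified model of how Shorewall picks a verdict.
# Rules are checked first; if none matches, the first matching policy applies.

POLICY = """
fw   net  ACCEPT    # from the post: uncommented
loc  fw   ACCEPT    # from the post: added
net  all  DROP      # assumed catch-all, not in the post
all  all  REJECT    # assumed catch-all, not in the post
"""

RULES = """
REJECT loc fw tcp 135,137
REJECT loc fw udp 135,139,445,593,666:765,1214,1433,1434,1728,3333,4444,5732
ACCEPT net fw tcp 21,22,25,80,443
ACCEPT net fw udp 53
"""

def parse_table(text):
    """Split each non-empty line into columns, dropping '#' comments."""
    rows = (line.split("#")[0].split() for line in text.splitlines())
    return [row for row in rows if row]

def port_in(spec, port):
    """True if port is in a list like '135,139,666:765' (low:high ranges)."""
    for item in spec.split(","):
        low, _, high = item.partition(":")
        if int(low) <= port <= int(high or low):
            return True
    return False

def zone_match(pattern, zone):
    return pattern in ("all", zone)

def verdict(src, dst, proto, port):
    """Return (action, source_of_decision) for a new connection."""
    for action, r_src, r_dst, r_proto, r_ports in parse_table(RULES):
        if (zone_match(r_src, src) and zone_match(r_dst, dst)
                and r_proto == proto and port_in(r_ports, port)):
            return action, "rule"
    for p_src, p_dst, action in parse_table(POLICY):
        if zone_match(p_src, src) and zone_match(p_dst, dst):
            return action, "policy"
    return "REJECT", "no-match"

if __name__ == "__main__":
    for case in [("loc", "fw", "tcp", 135), ("loc", "fw", "tcp", 445),
                 ("loc", "fw", "udp", 700), ("net", "fw", "tcp", 80),
                 ("net", "fw", "tcp", 3306), ("fw", "net", "tcp", 443)]:
        print(case, "->", verdict(*case))
```

In this model loc to fw on tcp 445 is still accepted by the `loc fw ACCEPT` policy, because the tcp REJECT rule as posted lists only 135 and 137.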