[Shorewall-newbies] Current situation, and eventual goals

Francesca C Smith fsmith at ladylinux.com
Thu Dec 4 21:04:55 PST 2003


Hello,

Well the two interface examples might lead you down the wrong path ..

You don't need the MASQ file in it for example ..

In Your Policy .. uncomment the following line

#fw             net             ACCEPT

And ADD the following line

loc             fw              ACCEPT

... This will allow two things .. Your firewall can access the Net freely 
.. And You Have No Restrictions from your local zone to the FW

Then in your Rules file ..

Place the appropriate REJECT or DROP , ACCEPT rules .. To And From Each 
Zone ...

Examples:

REJECT  loc     fw      tcp     135,137         # Kill Netbios Chatter (Actual Rule Will Be More In Depth And This May Hose Samba)

REJECT  loc     fw      udp     135,139,445,593,666:765,1214,1433,1434,1728,3333,4444,5732 # Microsoft Hey My Computer Has A Worm Ports

ACCEPT  net     fw      tcp     21,22,25,80,443         # Allow Internet Access To FTP, SSH, SMTP And Web To FW

ACCEPT  net     fw      udp     53                      # I want to allow DNS queries to my box

Hope This Helps,

Francesca


At 08:42 PM 12/4/2003, Tim Chetelat wrote:
>Currently hosting web, email, and ftp on the Win2k server.  I want to have
>the redhat 8 machine host also, for different purposes.  I could get another
>router / nat / firewall device to put in front of the linux machine, but
>that seems silly when redhat can do what I need on its own.  Eth1 is for
>local admin and Samba.
>
>Tim Chetelat
>tim at progfan.com
>
> > -----Original Message-----
> > From: Francesca C Smith [mailto:fsmith at ladylinux.com]
> > Sent: Thursday, December 04, 2003 5:37 PM
> > To: Tim Chetelat
> > Cc: shorewall-newbies at lists.shorewall.net
> > Subject: RE: [Shorewall-newbies] Current situation, and eventual goals
> >
> > Hello,
> >
> > Ok .. Well I am still mystified what the routing purpose of the Red Hat
> > Machine Is ..
> >
> > Let me take a stab .. From my point of view ...
> >
> > Eth0 is for Web access ... SSH .. etc .. You are going to run a public web
> > server etc on the FW
> >
> > Eth1 is for local admin support .. ???
> >
> > Sorry But I Am Seeing What You Are Trying To Accomplish .. Just need to
> > fill in the blanks
> >
> > Francesca
> > At 08:31 PM 12/4/2003, Tim Chetelat wrote:
> > >Yes.  The router/net/firewall device on routable IP 66.134.241.78 is a
> > >separate device, that just handles the windows machines.  The redhat 8
> > >server is running Shorewall, and will just provide firewall for that
> > >machine.
> >
> > "No Problems Only Solutions"
> > Francesca C. Smith
> > Lady Linux Internet Services
> > fsmith at ladylinux.com
> >

"No Problems Only Solutions"
Francesca C. Smith
Lady Linux Internet Services
fsmith at ladylinux.com
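
Added example, not part of the original message: a small Python model of the evaluation order the reply relies on, where a new connection is checked against the rules file first and falls back to the policy file only when no rule matches. The rule lines and the two policy lines are the ones from the message; the closing `all all REJECT` policy line and the function names are assumptions made for the illustration.

```python
# Added example: rules are consulted first, the policy only when no rule matches.
# RULES and the first two POLICY lines come from the message above;
# the final catch-all POLICY line is an assumption for this illustration.
POLICY = """
fw   net  ACCEPT
loc  fw   ACCEPT
all  all  REJECT
"""
RULES = """
REJECT  loc  fw  tcp  135,137
REJECT  loc  fw  udp  135,139,445,593,666:765,1214,1433,1434,1728,3333,4444,5732
ACCEPT  net  fw  tcp  21,22,25,80,443
ACCEPT  net  fw  udp  53
"""

def parse(text):
    """Split each non-empty line into columns, dropping '#' comments."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]

def port_matches(spec, port):
    """True if port is in a comma list whose items are 'n' or 'low:high'."""
    for item in spec.split(","):
        low, _, high = item.partition(":")
        if int(low) <= port <= int(high or low):
            return True
    return False

def verdict(src, dst, proto, port):
    """Return (action, origin) for a new connection from zone src to zone dst."""
    for action, r_src, r_dst, r_proto, r_ports in parse(RULES):
        if (r_src, r_dst, r_proto) == (src, dst, proto) and port_matches(r_ports, port):
            return action, "rule"          # first matching rule wins
    for p_src, p_dst, action in parse(POLICY):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action, "policy"        # first matching policy line wins
    return "REJECT", "default"  # not reached while the catch-all line is present

if __name__ == "__main__":
    # Constructed sample connections: (source zone, dest zone, protocol, dest port)
    for conn in [("loc", "fw", "tcp", 22), ("loc", "fw", "udp", 700),
                 ("loc", "fw", "tcp", 139), ("net", "fw", "tcp", 443),
                 ("net", "fw", "tcp", 3306), ("fw", "net", "tcp", 80)]:
        print(conn, "->", verdict(*conn))
```

Running it against a planned rule set shows which connections are decided by an explicit rule and which are left to the zone policy.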



