[Shorewall-newbies] firewall setup error help! please! asap

Francesca C. Smith fsmith at ladylinux.com
Sun Dec 7 21:24:40 PST 2003


Hello,

Are you gonna answer my question about using a DMZ for this ???

Francesca
On Sun, 2003-12-07 at 20:42, Sterling Martin wrote:
> Ooooooooops, I forgot to add the rules file in .....;(
> 
> 
> 
> #       Accept DNS connections from the firewall to the network
> #
> ACCEPT          fw              net             tcp     53
> ACCEPT          fw              net             udp     53
> 
> 
> #DNS
> ACCEPT          net             loc             tcp     53
> ACCEPT          net             loc             udp     53
> 
> 
> #
> #       Accept SSH connections from the local network for administration
> #
> ACCEPT          loc             fw              tcp     22
> #ACCEPT         net:205.206.12.242              fw              tcp     22
> #ACCEPT         net:205.206.12.245              fw              tcp     22
> ACCEPT          net:24.67.168.252               fw              tcp     22
> 
> #Uncomment and provide the correct source IP for port scans
> #ACCEPT         net:205.206.12.242              loc             tcp     -
> #ACCEPT         net:205.206.12.245              loc             udp     -
> 
> 
> #       Allow Ping From Firewall
> #
> #ACCEPT          loc             fw              icmp    8
> #ACCEPT          net             fw              icmp    8
> ACCEPT           fw              loc             icmp    8
> ACCEPT           fw              net             icmp    8
> #
> # Bering specific rules:
> # allow loc to fw udp/53 for dnscache to work
> # allow loc to fw tcp/80 for weblet to work
> #
> ACCEPT          loc       fw            udp     53
> ACCEPT          loc       fw            tcp     80
> 
> 
> #ITS Group open ports
> #SMTP
> # org settings these 2 lines
> ACCEPT          net     loc             tcp     25
> ACCEPT          net     loc             udp     25
> 
> 
> 
> 
> #SMTP
> # org settings these 2 lines
> ACCEPT          net     loc             tcp     25
> ACCEPT          net     loc             udp     25
> 
> #smtp my version
> #ACCEPT         net     loc:64.141.50.30        tcp     25
> #ACCEPT         net     loc:64.141.50.16        tcp     25
> #ACCEPT         NET     LOC:64.141.50.17        TCP     25
> 
> 
> #HTTP
> ACCEPT          net     loc             tcp     80
> ACCEPT          net     loc             udp     80
> 
> #POP
> ACCEPT          net     loc             tcp     110
> ACCEPT          net     loc             udp     110
> 
> #IMAP
> ACCEPT          net     loc             tcp     143
> ACCEPT          net     loc             udp     143
> 
> 
> 
> #SSL
> ACCEPT          net     loc             tcp     443
> ACCEPT          net     loc             udp     443
> 
> #MS-Terminal Server
> ACCEPT          net     loc             tcp     3389
> ACCEPT          net     loc             udp     3389
> 
> #VNC
> ACCEPT          net     loc             tcp     5900
> ACCEPT          net     loc             udp     5900
> 
> # drop icmp and block sql and mailserver and dns
> DROP            net     fw              icmp    8
> DROP            net     loc:64.141.50.27        all
> DROP            net     loc:64.141.50.15        all
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> 
> >Hello,
> >
> >Does this firewall have the ability to have what is known as a "DMZ" zone
> >.. ??
> >
> >(Requires Extra Interface) .. Because I am not totally sure what is in
> >the "LOC" zone .. but if you use a DMZ .. you will have isolation .. And
> >greater security ..
> >
> >Francesca
> >
> >PS: Please Reply To All So The List Gets The Thread
> >
> 
> 
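
Added example (not part of the original thread, and not Shorewall's own tooling): a small Python lint over rule lines taken from the quoted file, assuming Shorewall evaluates rules top to bottom and the first match decides. It lists net-to-loc ACCEPT rules that name no destination host, which is the exposure the DMZ question is about, and DROP rules that an earlier ACCEPT already overrides for some traffic. The names `Rule`, `parse`, `overlaps`, `audit` and the `SAMPLE` excerpt are constructed for illustration.

```python
# Added example: lint Shorewall rule lines (ACTION SOURCE DEST PROTO PORT).
# Assumption: rules are evaluated in file order and the first match wins.
from collections import namedtuple

Rule = namedtuple("Rule", "line action src dst proto port")

# Constructed excerpt built from rule lines in the quoted rules file.
SAMPLE = """\
ACCEPT  net:24.67.168.252  fw  tcp  22
ACCEPT  net  loc  tcp  25
ACCEPT  net  loc  udp  25
#ACCEPT net  loc:64.141.50.30  tcp  25
ACCEPT  net  loc  tcp  3389
DROP    net  fw   icmp 8
DROP    net  loc:64.141.50.27  all
"""

def parse(text):
    """Yield a Rule for every active (non-comment, non-blank) line."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if line:
            f = (line.split() + ["-"] * 5)[:5]   # proto/port may be omitted
            yield Rule(n, f[0].upper(), f[1].lower(), f[2].lower(), f[3].lower(), f[4])

def zone(spec):
    return spec.split(":", 1)[0]

def host(spec):
    return spec.split(":", 1)[1] if ":" in spec else None

def overlaps(a, b):
    """True if some connection could match both rules."""
    def meet(x, y):  # same zone, and host restrictions do not exclude each other
        return zone(x) == zone(y) and (None in (host(x), host(y)) or host(x) == host(y))
    protos = a.proto == b.proto or "all" in (a.proto, b.proto) or "-" in (a.proto, b.proto)
    ports = a.port == b.port or "-" in (a.port, b.port)
    return meet(a.src, b.src) and meet(a.dst, b.dst) and protos and ports

def audit(text):
    """Return (broad net->loc ACCEPTs, [(drop line, [earlier ACCEPT lines])])."""
    rules = list(parse(text))
    broad = [r for r in rules if r.action == "ACCEPT" and r.src == "net" and r.dst == "loc"]
    shadowed = []
    for i, r in enumerate(rules):
        hits = [e.line for e in rules[:i] if e.action == "ACCEPT" and overlaps(e, r)]
        if r.action == "DROP" and hits:
            shadowed.append((r.line, hits))
    return broad, shadowed
```

On the sample, the `DROP net loc:64.141.50.27 all` line is reported as partly overridden by the earlier zone-wide ACCEPTs, so that host still receives the accepted ports.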


