[Shorewall-newbies] firewall setup error help! please! asap
oilfield123 at hotmail.com
Mon Dec 8 03:32:50 PST 2003
thanks guys ... i can see you understand my situation and are REALLY trying
to help me, i appreciate that and YES....... i DIDN'T set this up...some
other "expert" installed it and i'm trying to put the pieces together so i
have some semblance of security :)
and yes they are public ip's on the "loc" zone.... so if i understand you
correctly i should just comment out these lines in the policy file and then
explicitly "allow" them in my rules file right?
hmmmmmm, that would also explain why when i tried a few rules it made no
ps ... you keep mentioning about a dmz zone is better for security .... how
does that work..... i do have 2 nic's in my server right now... how would
you suggest i change that....
could you "spell out" a rule i could use to allow ftp access to my webserver
in the loc zone.... no i don't have a dmz zone.....:)
> > Ok. The policy file you have created makes most of your rules
> > obsolete.
> > >loc net ACCEPT
> > >net loc ACCEPT
> > the above allows all traffic between your loc and net zones!!!! thus,
> > any net2loc or loc2net rules are useless. This is a good way to get
> > hacked. If you had windows boxes in the loc zone, I bet they did get
> > hacked.
> > > # remove the comment from the following line.
> > > fw net ACCEPT
>Let's be fair .. Looks like someone without a clue set this up ( The
>Original Person not Sterling ) .. And this is newbies .. (I would grab
>at least the two interface examples and work from there)
>And yes .. lose all the shorewall files .. reload .. slash and burn ..
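The quoted reply's point about the policy file, as an added example that is not part of the original message or of Shorewall itself: a small Python check that reads policy and rules text in Shorewall's column layout, reports ACCEPT policies whose source is the untrusted zone, and lists ACCEPT rules that such a policy already covers. The sample files, the address 192.0.2.10 and the function names are constructed for the example.

```python
# Added example: audit Shorewall-style policy/rules text for blanket ACCEPT policies.
# All sample data is constructed; 192.0.2.10 is a documentation address.

POLICY = """\
#SOURCE DEST POLICY LOG
loc     net  ACCEPT
net     loc  ACCEPT
fw      net  ACCEPT
net     all  DROP   info
all     all  REJECT info
"""

RULES = """\
#ACTION SOURCE DEST            PROTO PORT
ACCEPT  net    loc:192.0.2.10  tcp   21
ACCEPT  net    loc:192.0.2.10  tcp   80
DROP    net    loc             tcp   135
"""

def rows(text):
    """Yield whitespace-split columns, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def policy_for(policy_text, src, dst):
    """Return the first policy whose SOURCE/DEST match; 'all' is a wildcard."""
    for p_src, p_dst, action, *_ in rows(policy_text):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action
    return None

def audit(policy_text, rules_text, untrusted="net"):
    """Return (open_pairs, redundant_rules) for traffic from the untrusted zone."""
    open_pairs = [(s, d) for s, d, action, *_ in rows(policy_text)
                  if s in (untrusted, "all") and action == "ACCEPT"]
    redundant = []
    for action, src, dst, *rest in rows(rules_text):
        zones = src.split(":")[0], dst.split(":")[0]
        # An ACCEPT rule adds nothing when the zone-pair policy already accepts.
        if action == "ACCEPT" and policy_for(policy_text, *zones) == "ACCEPT":
            redundant.append(" ".join([action, src, dst, *rest]))
    return open_pairs, redundant

if __name__ == "__main__":
    pairs, dead = audit(POLICY, RULES)
    print("ACCEPT policies from untrusted source:", pairs)
    print("ACCEPT rules already covered by policy:", dead)
```

With the `net loc ACCEPT` policy line removed, the same rules file stops being redundant: the two ACCEPT rules become the only openings from `net` to `loc`, and everything else falls through to `net all DROP`.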