[Shorewall-newbies] problems

Francesca C. Smith fsmith at ladylinux.com
Sat Dec 27 21:11:40 PST 2003


Hello,

> >
> well thanks for that quick fix on last one 
> I own domain dragonbox.net and no one can access my www 
> through dragonbox.net or 66.162.175.19 
> here is my rules file to see if this helps
> 
> ACCEPT          loc             fw              tcp     53
> ACCEPT          loc             fw              udp     53
> ACCEPT          loc             fw              tcp     22
> ACCEPT          loc             fw              icmp    8
> ACCEPT          net             fw              icmp    8
> ACCEPT          fw              net             tcp     53
> ACCEPT          fw              net             udp     53
> ACCEPT          fw              loc             icmp    8
> ACCEPT          fw              net             icmp    8
> ACCEPT          fw              net             tcp     21
> ACCEPT          fw              net             tcp     22
> ACCEPT          fw              net             tcp     23
> ACCEPT          fw              net             tcp     25
> ACCEPT          fw              net             tcp     53
> ACCEPT          fw              net             tcp     79
> ACCEPT          fw              net             tcp     80
> ACCEPT          fw              net             tcp     110
> ACCEPT          fw              net             tcp     443
> ACCEPT          fw              net             tcp     901
> ACCEPT          fw              net             tcp     953
> ACCEPT          fw              net             tcp     3306
> ACCEPT          fw              net             tcp     10000
> ACCEPT          fw              net             tcp     7000
> ACCEPT          fw              net             tcp     7001
> ACCEPT          fw              net             tcp     7002

Ok .. First thing .. you can specify rules like so 21,22,23,25 .. 

Second Thing .. You've got one rule for net to FW ... I would assume that
these folks accessing your web server .. Which is where ??? would need
those ports open .. 

Third thing .. what are you trying to access from the FW to the net ???
It looks like your rules are backwards .. But I could be wrong .. 

Hint .... ACCEPT "SOURCE" "DESTINATION" 

Francesca
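
The three points in the reply above, as an added example that is not part of the original message or of Shorewall itself: a small Python check that merges per-port rules into comma-separated lists and reports ports opened only in the outbound direction. The function names and the trimmed sample are constructed here, and pairing `fw` with `net` assumes the web server runs on the firewall host, which the thread does not state.

```python
from collections import defaultdict

# Constructed sample: a subset of the rules quoted in the message above.
SAMPLE_RULES = """\
ACCEPT          loc             fw              tcp     22
ACCEPT          net             fw              icmp    8
ACCEPT          fw              net             tcp     21
ACCEPT          fw              net             tcp     22
ACCEPT          fw              net             tcp     53
ACCEPT          fw              net             tcp     80
ACCEPT          fw              net             tcp     443
ACCEPT          fw              net             tcp     53
"""

def parse_rules(text):
    """Yield (action, source, dest, proto, ports) for each rule line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment, or too short to carry a protocol
        action, source, dest, proto = fields[:4]
        # Fifth column: destination ports (or the ICMP type for icmp rules).
        ports = fields[4].split(",") if len(fields) > 4 else []
        yield action, source, dest, proto.lower(), ports

def consolidate(text):
    """Merge rules that differ only in port into one comma-separated rule."""
    grouped = defaultdict(list)
    for action, source, dest, proto, ports in parse_rules(text):
        for port in ports:
            if port not in grouped[(action, source, dest, proto)]:
                grouped[(action, source, dest, proto)].append(port)
    return [f"{a}\t{s}\t{d}\t{p}\t{','.join(ports)}"
            for (a, s, d, p), ports in grouped.items()]

def accepted(text, source, dest, proto):
    """Return the set of ports ACCEPTed for traffic from source to dest."""
    return {port for a, s, d, p, ports in parse_rules(text)
            if (a, s, d, p) == ("ACCEPT", source, dest, proto)
            for port in ports}

def misdirected(text, outside="net", inside="fw", proto="tcp"):
    """Ports opened outbound (inside -> outside) with no inbound counterpart."""
    return accepted(text, inside, outside, proto) - accepted(text, outside, inside, proto)

if __name__ == "__main__":
    print("\n".join(consolidate(SAMPLE_RULES)))
    print("inbound tcp from net:", sorted(accepted(SAMPLE_RULES, "net", "fw", "tcp")))
    print("outbound-only tcp:", sorted(misdirected(SAMPLE_RULES), key=int))
```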


