[Shorewall-newbies] How can I add a zone on a fixed public IP

Tom Eastep teastep at shorewall.net
Wed Feb 18 12:08:00 PST 2004


On Wednesday 18 February 2004 12:04 pm, Eugene Ventimiglia wrote:
> I've tried:
>
> Interfaces:
> -       eth0    detect  routestopped
> srv     eth1    detect  routestopped
>
> Hosts:
> ofc             eth0:68.160.198.206
> net             eth0:0.0.0.0/0
>
> Policy:
> $FW             all             ACCEPT
> srv             all             ACCEPT
> ofc             all             ACCEPT
> net             all             DROP            info
>
> When I try to connect from ofc to srv, I get the following in the log:
>
> Feb 18 10:18:13 mkfrwsrv-nyc001 kernel: Shorewall:net2all:DROP:IN=eth0
> OUT=eth1 SRC=68.160.198.206 DST=192.168.3.20 LEN=48 TOS=0x00 PREC=0x00
> TTL=117 ID=12213 DF PROTO=TCP SPT=4289 DPT=3389 WINDOW=16384 RES=0x00 SYN
> URGP=0
>
> Any suggestions?

Be sure that ofc is defined BEFORE net in /etc/shorewall/zones.

See http://www.shorewall.net/Multiple_Zones.html

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
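
Added example, not part of the original thread and not Shorewall's own code: a simplified first-match model of why zone order decides whether the logged packet is classified as net or ofc. The hosts, policy and log values are taken from the post; the two zone orders and the function names are assumptions for illustration.

```python
import ipaddress
import re

# Hosts, interfaces and policy entries as quoted in the post.
HOSTS = {"ofc": ("eth0", "68.160.198.206"), "net": ("eth0", "0.0.0.0/0")}
INTERFACES = {"srv": "eth1"}
POLICY = [("$FW", "all", "ACCEPT"), ("srv", "all", "ACCEPT"),
          ("ofc", "all", "ACCEPT"), ("net", "all", "DROP")]

# Log line from the post, joined onto one line and shortened.
LOG = ("Shorewall:net2all:DROP:IN=eth0 OUT=eth1 SRC=68.160.198.206 "
       "DST=192.168.3.20 LEN=48 PROTO=TCP SPT=4289 DPT=3389")

def parse_log(line):
    """Extract KEY=value fields (IN, OUT, SRC, DST, ...) from a kernel log line."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def source_zone(zone_order, iface, addr):
    """Return the first zone, in zones-file order, whose definition covers the packet.

    Simplified model: a zone matches through its hosts entry if it has one,
    otherwise through its interfaces entry.
    """
    ip = ipaddress.ip_address(addr)
    for zone in zone_order:
        if zone in HOSTS:
            z_if, z_net = HOSTS[zone]
            if z_if == iface and ip in ipaddress.ip_network(z_net):
                return zone
        elif INTERFACES.get(zone) == iface:
            return zone
    return None

def verdict(zone_order, line):
    """Classify the logged packet's source zone and look up its '<zone> all' policy."""
    fields = parse_log(line)
    zone = source_zone(zone_order, fields["IN"], fields["SRC"])
    for src, dst, action in POLICY:
        if src == zone and dst == "all":
            return zone, action
    return zone, None

if __name__ == "__main__":
    # Assumed zone orders: net listed first (matches the logged net2all DROP),
    # then ofc listed first as the reply advises.
    for order in (["net", "ofc", "srv"], ["ofc", "net", "srv"]):
        print(order, "->", verdict(order, LOG))
```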



