[Shorewall-newbies] How can I add a zone on a fixed public IP

Sakthivel Subramanian sakthi at altair.com
Wed Feb 18 12:20:42 PST 2004

Is there any reason why you have to do it as a zone?

The easiest way to accomplish what you are doing is to add a rule on
ACCEPT:info     net:       srv             tcp     3389

No need to add a new zone in the zones file or a host in the hosts file.

-----Original Message-----
From: shorewall-newbies-bounces at lists.shorewall.net
[mailto:shorewall-newbies-bounces at lists.shorewall.net] On Behalf Of Eugene
Sent: Wednesday, February 18, 2004 3:04 PM
To: shorewall-newbies at lists.shorewall.net
Subject: [Shorewall-newbies] How can I add a zone on a fixed public IP

I've tried:

-       eth0    detect  routestopped
srv     eth1    detect  routestopped

ofc             eth0:
net             eth0:

$FW             all             ACCEPT
srv             all             ACCEPT
ofc             all             ACCEPT
net             all             DROP            info

When I try to connect from ofc to srv, I get the following in the log:

Feb 18 10:18:13 mkfrwsrv-nyc001 kernel: Shorewall:net2all:DROP:IN=eth0
OUT=eth1 SRC= DST= LEN=48 TOS=0x00 PREC=0x00
TTL=117 ID=12213 DF PROTO=TCP SPT=4289 DPT=3389 WINDOW=16384 RES=0x00 SYN

Any suggestions?

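Added example, not part of the original messages and not Shorewall code: a small Python parser for the kernel log line quoted above. It splits the `Shorewall:<chain>:<disposition>:` prefix and the netfilter fields, showing that the dropped RDP connection was handled by the `net2all` chain, that is, classified as zone `net` and caught by the net to all DROP policy. The function names are hypothetical, and the sample is the line from the post with its addresses blank, as in the archive.

```python
import re

# Log line from the post, joined onto one line; SRC/DST are blank in the archive.
SAMPLE = (
    "Feb 18 10:18:13 mkfrwsrv-nyc001 kernel: Shorewall:net2all:DROP:IN=eth0 "
    "OUT=eth1 SRC= DST= LEN=48 TOS=0x00 PREC=0x00 "
    "TTL=117 ID=12213 DF PROTO=TCP SPT=4289 DPT=3389 WINDOW=16384 RES=0x00 SYN"
)

# Prefix as it appears in the post: "Shorewall:<chain>:<disposition>:",
# followed by the LOG target's KEY=value fields and bare flag tokens.
PREFIX = re.compile(
    r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):(?P<rest>.*)$"
)


def parse_shorewall_line(line):
    """Return a dict describing one Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if m is None:
        return None
    fields, flags = {}, []
    for token in m.group("rest").split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value or None  # "SRC=" with no value becomes None
        else:
            flags.append(token)          # DF, SYN, ACK, ...
    chain = m.group("chain")
    # Policy chains are named <source>2<dest>. Splitting on the first "2" is a
    # heuristic (assumption): it presumes the source zone name contains no "2".
    src_zone, sep, dst_zone = chain.partition("2")
    return {
        "chain": chain,
        "disposition": m.group("disposition"),
        "src_zone": src_zone if sep else None,
        "dst_zone": dst_zone if sep else None,
        "fields": fields,
        "flags": flags,
    }


def explain(rec):
    """One-line summary of which zone pair and policy chain handled the packet."""
    f = rec["fields"]
    return "%s by chain %s (%s -> %s): %s dport %s, in=%s out=%s" % (
        rec["disposition"], rec["chain"], rec["src_zone"], rec["dst_zone"],
        f.get("PROTO"), f.get("DPT"), f.get("IN"), f.get("OUT"))


if __name__ == "__main__":
    print(explain(parse_shorewall_line(SAMPLE)))
```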