[Shorewall-newbies] How can I add a zone on a fixed public IP

Sakthivel Subramanian sakthi at altair.com
Wed Feb 18 12:20:42 PST 2004


Is there any reason why you have to do it as a zone?

The easiest way to accomplish what you are doing is to add a rule to
/etc/shorewall/rules:
# RDP
ACCEPT:info     net:68.160.198.206       srv             tcp     3389

No need to add a new zone in the zones file or a host in the hosts file.

Sakthi
-----Original Message-----
From: shorewall-newbies-bounces at lists.shorewall.net
[mailto:shorewall-newbies-bounces at lists.shorewall.net] On Behalf Of Eugene
Ventimiglia
Sent: Wednesday, February 18, 2004 3:04 PM
To: shorewall-newbies at lists.shorewall.net
Subject: [Shorewall-newbies] How can I add a zone on a fixed public IP


I've tried:

Interfaces:
-       eth0    detect  routestopped
srv     eth1    detect  routestopped

Hosts:
ofc             eth0:68.160.198.206
net             eth0:0.0.0.0/0

Policy:
$FW             all             ACCEPT
srv             all             ACCEPT
ofc             all             ACCEPT
net             all             DROP            info

When I try to connect from ofc to srv, I get the following in the log:

Feb 18 10:18:13 mkfrwsrv-nyc001 kernel: Shorewall:net2all:DROP:IN=eth0
OUT=eth1 SRC=68.160.198.206 DST=192.168.3.20 LEN=48 TOS=0x00 PREC=0x00
TTL=117 ID=12213 DF PROTO=TCP SPT=4289 DPT=3389 WINDOW=16384 RES=0x00 SYN
URGP=0

Any suggestions?
--e
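
Added example, not part of the original thread or of Shorewall itself: a small Python check that reads the chain name in the logged DROP (net2all, i.e. source zone "net" under Shorewall's <source>2<dest> chain naming) and tests whether the rule suggested in the reply would have applied to that packet. The helper names and the IFACE_ZONE mapping are assumptions made for this sketch; the log entry, rule and interface zones are copied from the messages above.

```python
import ipaddress
import re

# Log entry from the post, re-joined onto one line.
LOG = ("Feb 18 10:18:13 mkfrwsrv-nyc001 kernel: Shorewall:net2all:DROP:IN=eth0 "
       "OUT=eth1 SRC=68.160.198.206 DST=192.168.3.20 LEN=48 TOS=0x00 PREC=0x00 "
       "TTL=117 ID=12213 DF PROTO=TCP SPT=4289 DPT=3389 WINDOW=16384 RES=0x00 "
       "SYN URGP=0")
# Rule from the reply (columns: ACTION SOURCE DEST PROTO DPORT).
RULE = "ACCEPT:info     net:68.160.198.206       srv             tcp     3389"
# Zone of each interface, from the poster's interfaces file (eth0 has "-").
IFACE_ZONE = {"eth1": "srv"}


def parse_log(line):
    """Split a Shorewall log entry into chain, disposition and packet fields."""
    m = re.search(r"Shorewall:([^:\s]+):([^:\s]+):(.*)", line)
    if m is None:
        return None
    chain, disposition, rest = m.groups()
    pkt = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    # Chains are named <source zone>2<dest zone>; assumes no "2" in the zone name.
    src_zone, _, dst_zone = chain.partition("2")
    pkt.update(chain=chain, disposition=disposition,
               src_zone=src_zone, dst_zone=dst_zone)
    return pkt


def parse_rule(text):
    """Parse the first five columns of an /etc/shorewall/rules entry."""
    action, source, dest, proto, dport = text.split()[:5]
    src_zone, _, src_host = source.partition(":")
    dst_zone, _, dst_host = dest.partition(":")
    return {"action": action.split(":")[0], "src_zone": src_zone,
            "src_host": src_host or "0.0.0.0/0", "dst_zone": dst_zone,
            "dst_host": dst_host or "0.0.0.0/0", "proto": proto.lower(),
            "dport": dport}


def rule_matches(rule, pkt):
    """True if the rule would have applied to the logged packet."""
    def in_net(ip, net):
        return ipaddress.ip_address(ip) in ipaddress.ip_network(net)
    return (rule["src_zone"] == pkt["src_zone"]
            and in_net(pkt["SRC"], rule["src_host"])
            and rule["dst_zone"] == IFACE_ZONE.get(pkt["OUT"])
            and in_net(pkt["DST"], rule["dst_host"])
            and rule["proto"] == pkt["PROTO"].lower()
            and rule["dport"] == pkt["DPT"])
```

Calling rule_matches(parse_rule(RULE), parse_log(LOG)) returns True: the logged packet entered as zone "net" from 68.160.198.206, left via eth1 (zone "srv") and targeted tcp/3389, which is exactly what the rule accepts.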
