[Shorewall-newbies] How can I add a zone on a fixed public IP

Eugene Ventimiglia eventi at yahoo.com
Wed Feb 18 13:46:31 PST 2004


Good point... The zone and policy is cleaner, though. And I'm transitioning
this office away from accessing local machines to ones in a colo.  Can you
configure a VPN through shorewall? Or does that require additional software?
--e 

> -----Original Message-----
> From: Sakthivel Subramanian [mailto:sakthi at altair.com] 
> Sent: Wednesday, February 18, 2004 3:21 PM
> To: 'Eugene Ventimiglia'; 
> Subject: RE: [Shorewall-newbies] How can I add a zone on a 
> fixed public IP
> 
> Is there any reason why you have to do it as a zone ?
> 
> The easiest way to accomplish what you are doing is to add 
> rule on /etc/shorewall/rules # RDP
> ACCEPT:info     net:68.160.198.206       srv             tcp     3389
> 
> No need to add a new zone on zones file or host in the hosts file.
> 
> Sakthi
> -----Original Message-----
> From: shorewall-newbies-bounces at lists.shorewall.net
> [mailto:shorewall-newbies-bounces at lists.shorewall.net] On 
> Behalf Of Eugene Ventimiglia
> Sent: Wednesday, February 18, 2004 3:04 PM
> To: shorewall-newbies at lists.shorewall.net
> Subject: [Shorewall-newbies] How can I add a zone on a fixed public IP
> 
> 
> I've tried:
> 
> Interfaces:
> -       eth0    detect  routestopped
> srv     eth1    detect  routestopped
> 
> Hosts:
> ofc             eth0:68.160.198.206
> net             eth0:0.0.0.0/0
> 
> Policy:
> $FW             all             ACCEPT
> srv             all             ACCEPT
> ofc             all             ACCEPT
> net             all             DROP            info
> 
> When I try to connect from ofc to srv, I get the following in the log:
> 
> Feb 18 10:18:13 mkfrwsrv-nyc001 kernel: Shorewall:net2all:DROP:IN=eth0
> OUT=eth1 SRC=68.160.198.206 DST=192.168.3.20 LEN=48 TOS=0x00 PREC=0x00
> TTL=117 ID=12213 DF PROTO=TCP SPT=4289 DPT=3389 WINDOW=16384 
> RES=0x00 SYN URGP=0
> 
> Any suggestions?
> --e
> 
> _______________________________________________
> Shorewall-newbies mailing list
> Post: Shorewall-newbies at lists.shorewall.net
> Subscribe/Unsubscribe:
> https://lists.shorewall.net/mailman/listinfo/shorewall-newbies
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
> 



More information about the Shorewall-newbies mailing list