[Shorewall-newbies] How can I add a zone on a fixed public IP

Sakthivel Subramanian sakthi at altair.com
Wed Feb 18 14:15:40 PST 2004

Well then you have to make sure the subzone "ofc" is in front of the "net"
zone on the Zones file as Tom suggested. Have your tried that and is it
working ?

There is good documentation on setting up VPN tunnels here. Though I have
never configured one myself.

Another good resource is the check out Tom's configuration.



ofc     Office          Office
net     Net          	Internet

-----Original Message-----
From: Eugene Ventimiglia [mailto:eventi at yahoo.com] 
Sent: Wednesday, February 18, 2004 4:47 PM
To: sakthi at altair.com
Cc: shorewall-newbies at lists.shorewall.net
Subject: RE: [Shorewall-newbies] How can I add a zone on a fixed public IP

Good point... The zone and policy is cleaner, though. And I'm transitioning
this office away from accessing local machines to ones in a colo.  Can you
configure a VPN through shorewall? Or does that require additional software?

> -----Original Message-----
> From: Sakthivel Subramanian [mailto:sakthi at altair.com]
> Sent: Wednesday, February 18, 2004 3:21 PM
> To: 'Eugene Ventimiglia'; 
> Subject: RE: [Shorewall-newbies] How can I add a zone on a 
> fixed public IP
> Is there any reason why you have to do it as a zone ?
> The easiest way to accomplish what you are doing is to add
> rule on /etc/shorewall/rules # RDP
> ACCEPT:info     net:       srv             tcp     3389
> No need to add a new zone on zones file or host in the hosts file.
> Sakthi
> -----Original Message-----
> From: shorewall-newbies-bounces at lists.shorewall.net
> [mailto:shorewall-newbies-bounces at lists.shorewall.net] On
> Behalf Of Eugene Ventimiglia
> Sent: Wednesday, February 18, 2004 3:04 PM
> To: shorewall-newbies at lists.shorewall.net
> Subject: [Shorewall-newbies] How can I add a zone on a fixed public IP
> I've tried:
> Interfaces:
> -       eth0    detect  routestopped
> srv     eth1    detect  routestopped
> Hosts:
> ofc             eth0:
> net             eth0:
> Policy:
> $FW             all             ACCEPT
> srv             all             ACCEPT
> ofc             all             ACCEPT
> net             all             DROP            info
> When I try to connect from ofc to srv, I get the following in the log:
> Feb 18 10:18:13 mkfrwsrv-nyc001 kernel: Shorewall:net2all:DROP:IN=eth0 
> OUT=eth1 SRC= DST= LEN=48 TOS=0x00 PREC=0x00 
> TTL=117 ID=12213 DF PROTO=TCP SPT=4289 DPT=3389 WINDOW=16384 RES=0x00 
> Any suggestions?
> --e
> _______________________________________________
> Shorewall-newbies mailing list
> Post: Shorewall-newbies at lists.shorewall.net
> Subscribe/Unsubscribe: 
> https://lists.shorewall.net/mailman/listinfo/shorewall-newbies
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

More information about the Shorewall-newbies mailing list