[Shorewall-newbies] 2 IPs and Three Interface firewall

electro jacs electrojacs at hotmail.com
Wed Mar 3 12:30:57 PST 2004


> > >No -- but you can add rules specifically for that IP address to allow 
>it
> > >any
> > >access that you want to give it. To give the IP complete access in and 
>out,
> > >you can add these at the top of /etc/shorewall/rules:
> > >
> > >ACCEPT	loc:200.x.x.195	all		all
> > >ACCEPT	all		loc:200.x.x.195	all
> > >
> > >-Tom
> >
> > ok Mr Tom , that rule was added
> > but I scan with NMAP and it shows this to :
> > /*
> > [root at totalweb root]# nmap 200.x.x.194
> > Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-03 14:12 
>COT
> > Note: Host seems down. If it is really up, but blocking our ping probes, 
>try
> > -P0Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.061 
>seconds
> > [root at totalweb root]#
> > */
> > the computer that has the IP 200.x.x.194, sails correctly and apparently 
>all
> > this good, and I scan I did it from another computer in Internet
> > that I could be badly configured?
>
>I don't understand --
>
>a) The rules I gave you were for IP address 200.x.x.195
>b) You claim that nmap doesn't work; yet
>c) You say that the IP 200.x.x.194 "sails correctly"
>
>We are loosing something in the translation...

I have 2 ip  200.x.x.194 and 200.x.x.195

the network card of  " net " has the IP 200.x.x.195, eth0
the network card of  " loc " has the IP 192.168.0.1  eth2
the network card of  " dmz " has the IP 172.16.0.1 eth1

/etc/shorewall/proxyarp ,  configured in this form:
200.x.x.194         eth2        eth0       no
/etc/shorewall/rules,  ,  configured in this form:

ACCEPT	loc:200.x.x.194	all		all
ACCEPT	all		loc:200.x.x.194	all


and a computer in the LOC configured with the IP 200.x.x.194 sails 
correctly,

the question is, so that when I scan with NMAP the IP 200.x.x.194 does not 
show the ports to me opened in this computer ?

thanks

_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger: 
http://messenger.latam.msn.com/



More information about the Shorewall-newbies mailing list