[Shorewall-users] Quick Start Guide (fwd)

Tom Eastep teastep@shorewall.net
Wed, 10 Apr 2002 06:26:23 -0700 (Pacific Daylight Time)

On Wed, 10 Apr 2002, Richard Kimber wrote:

> On Tue, 9 Apr 2002 17:20:47 -0700 (Pacific Daylight Time)
> Tom Eastep <teastep@shorewall.net> wrote:
> > Version 1.0 of the Quick Start Guide and accompanying sample
> > configurations is available at:
> >
> > http://www.shorewall.net/shorewall_quickstart_guide.htm.
> >
> > Comments and suggestions are most welcome.
> Impressively quickly done.
> I have a few idiot questions that arise:
> I wasn't clear about the zones in a standalone system.  The document
> implies that you just have "net", but shouldn't there be a zone for the
> machine too, i.e. for

That's the 'fw' zone that is described in the Guide.

> I thought there ought to be a rule that
> permits everything that doesn't go outside the machine, otherwise you may
> not be able to print, which I can't with the default setup, (using CUPS).

Shorewall NEVER restricts traffic through If you have problems
with printing, there is something else involved.

> Also, I assume my CM is outside the fw and is thus part of the net zone,
> but I wasn't clear how to define a rule that allowed me to get my browser
> to connect to its IP ( to read the status info, given the
> norfc1918 option.

If you have that requirement then you can't use 'norfc1918'.

> I tried
> ACCEPT   net:  fw tcp 80
> but that didn't work

Er -- your browser is in the firewall which is connecting to the CM,
right? So your rule is backward.

> FYI one tiny typo in ZONE line of interfaces: "Much match" -> "Must match" ?


Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
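The direction point Tom makes above, written out as an added example that is not part of the original post or of the Shorewall samples: the rules-file columns are ACTION, SOURCE, DEST, PROTO and DEST PORT(S), and SOURCE is the zone the connection is initiated from. A browser on the firewall box opening the cable modem's status page is a connection from the fw zone to a host in the net zone, so the CM address belongs in the DEST column. The modem address 192.168.100.1 and the interface name eth0 are assumptions for illustration; use whatever the modem actually answers on.

```text
# /etc/shorewall/rules (standalone box, zones "fw" and "net")
#
#ACTION   SOURCE               DEST                 PROTO  DEST PORT(S)
#
# Backward: this would allow the *modem* to open connections to port 80
# on the firewall, which is not what the browser needs.
#ACCEPT   net:192.168.100.1    fw                   tcp    80
#
# Correct: the firewall (where the browser runs) connects out to the modem.
ACCEPT    fw                   net:192.168.100.1    tcp    80

# /etc/shorewall/interfaces
#
# The modem sits on an RFC 1918 address on the outside interface, so the
# norfc1918 option must not be set on that interface or the reply packets
# from 192.168.100.1 are dropped before any rule is consulted.
#
#ZONE     INTERFACE    BROADCAST    OPTIONS
net       eth0         detect
```

After editing either file, run `shorewall restart` and confirm the modem page loads; if it still fails, check `shorewall status` or the kernel log for dropped packets to or from the modem address before touching the rules again.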