[Shorewall-users] Quick Start Guide (fwd)
Wed, 10 Apr 2002 06:26:23 -0700 (Pacific Daylight Time)
On Wed, 10 Apr 2002, Richard Kimber wrote:
> On Tue, 9 Apr 2002 17:20:47 -0700 (Pacific Daylight Time)
> Tom Eastep <firstname.lastname@example.org> wrote:
> > Version 1.0 of the Quick Start Guide and accompanying sample
> > configurations is available at:
> > http://www.shorewall.net/shorewall_quickstart_guide.htm.
> > Comments and suggestions are most welcome.
> Impressively quickly done.
> I have a few idiot questions that arise:
> I wasn't clear about the zones in a standalone system. The document
> implies that you just have "net", but shouldn't there be a zone for the
> machine too, i.e. for 127.0.0.1?
That's the 'fw' zone that is described in the Guide.
> I thought there ought to be a rule that
> permits everything that doesn't go outside the machine, otherwise you may
> not be able to print, which I can't with the default setup (using CUPS).
Shorewall NEVER restricts traffic through 127.0.0.1. If you have problems
with printing, there is something else involved.
> Also, I assume my CM is outside the fw and is thus part of the net zone,
> but I wasn't clear how to define a rule that allowed me to get my browser
> to connect to its IP (192.168.100.1) to read the status info, given the
> norfc1918 option.
If you have that requirement then you can't use 'norfc1918'.
> I tried
> ACCEPT net:192.168.100.1 fw tcp 80
> but that didn't work
Er -- your browser is in the firewall which is connecting to the CM,
right? So your rule is backward.
> FYI one tiny typo in ZONE line of interfaces: "Much match" "Must match" ?
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
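The two fixes Tom describes above (drop 'norfc1918', and turn the rule around so the firewall is the SOURCE and the cable modem is the DEST), shown as an added example that is not part of the original message or of the Shorewall sample configurations. The interface name eth0, the use of "detect" for BROADCAST, and the column layout follow the Shorewall 1.x interfaces and rules files as I remember them; check them against the Quick Start Guide for the version you are running.

```text
# /etc/shorewall/interfaces   (standalone box, one interface facing the cable modem)
# ZONE     INTERFACE   BROADCAST   OPTIONS
#
# As posted: norfc1918 filters packets involving the CM's RFC 1918 address
# (192.168.100.1), so no rule in the rules file can make that connection work.
# net      eth0        detect      norfc1918
#
# Corrected: no norfc1918 on the interface that talks to the CM.
net        eth0        detect      -

# /etc/shorewall/rules
# ACTION   SOURCE               DEST                 PROTO   DEST PORT(S)
#
# As posted (backward): this would let the CM open a connection TO the
# firewall's port 80, which is not what the browser needs.
# ACCEPT   net:192.168.100.1    fw                   tcp     80
#
# Corrected: the browser on the firewall is the client, so 'fw' is the
# SOURCE and the modem's address in the 'net' zone is the DEST.
ACCEPT     fw                   net:192.168.100.1    tcp     80
```

If the policy file already gives an ACCEPT policy from fw to net, the rule is redundant (policies apply when no rule matches) and removing 'norfc1918' is the only change that matters. Loopback needs no entry at all; as Tom says, Shorewall does not restrict traffic through 127.0.0.1, so a printing problem with CUPS has to be looked for elsewhere.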