[Shorewall-users] Netbios

Simon Turvey turveysp@ntlworld.com
Wed, 24 Apr 2002 17:53:35 +0100


> Simon could you add your policy and rules and interfaces and zone files
> as mine are a bit more complex than yours.

Yup, here goes:

Policy file:
    Iceman is the name of the server at the remote end of the tunnel and is
    defined in zones.

#SOURCE   DESTINATION POLICY  LOG LEVEL
loc    net    ACCEPT
loc    fw    ACCEPT
loc    iceman    ACCEPT
#
# If you want open access to the internet from your firewall, uncomment the
# following line
fw  net  ACCEPT
fw  iceman  ACCEPT
iceman  fw  ACCEPT
iceman  loc  ACCEPT
net  all  DROP  info
all  all  REJECT  info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Rules file:

ACCEPT  fw net tcp 53
ACCEPT  fw net udp 53

# Make ping work
ACCEPT  fw loc icmp 8
ACCEPT  fw net icmp 8

# Allow web traffic in to firewall
ACCEPT  net fw tcp www

# Allow ssh to firewall for admin
ACCEPT  net fw tcp ssh

# Allow ftp to firewall from net
ACCEPT  net fw tcp ftp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Zones file:

net Net  Internet
loc Local  Local networks
iceman iceman  Drew's network
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Interfaces file:

Had to switch off route filtering in here, not sure what it does though.

net     eth0  detect  dhcp,norfc1918
loc  eth1  detect  routestopped
iceman ipsec0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE