[Shorewall-users] Configuring shorewall to allow an internal NIS+ domain

Dave Bush statman at twcny.rr.com
Sat May 10 15:49:32 PDT 2003


Hi Folks,
     This may be a completely dumb newbie question, but I recently 
upgraded my server from Red Hat 7.2 to Mandrake 9.1 and as part of this 
I switched from Firestarter to Shorewall for my firewall. I'm 
experiencing some problems with getting Shorewall and NIS+ working.

     Here's my /etc/shorewall/rules file:

ACCEPT  net     fw      udp     53      -
ACCEPT  net     fw      tcp     80,443,53,22,20,21,4500,10000   -
ACCEPT  loc     fw      udp     53      -
ACCEPT  loc     fw      tcp     80,443,53,22,20,21,4500,10000   -
ACCEPT  loc     fw      tcp     domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp    -
ACCEPT  loc     fw      udp     domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp    -
ACCEPT  fw      loc     tcp     631,515,137,138,139     -
ACCEPT  fw      loc     udp     631,515,137,138,139     -
#these rules are for accepting samba requests
ACCEPT  fw      loc     udp     137:139 -
ACCEPT  fw      loc     tcp     137,139 -
ACCEPT  fw      loc     udp     1024:   137 -
ACCEPT  loc     fw      udp     137:139 -
ACCEPT  loc     fw      tcp     137,139 -
ACCEPT  loc     fw      udp     1024:   137 -
#Dave's guess at setting up NFS
ACCEPT  fw      loc     udp     111 -
ACCEPT  fw      loc     tcp     111 -
ACCEPT  fw      loc     udp     2049 -
ACCEPT  fw      loc     tcp     2049 -
ACCEPT  fw      loc     udp     4000:4003 -
ACCEPT  fw      loc     tcp     4000:4003 -
ACCEPT  loc     fw      udp     111 -
ACCEPT  loc     fw      tcp     111 -
ACCEPT  loc     fw      udp     2049 -
ACCEPT  loc     fw      tcp     2049 -
ACCEPT  loc     fw      udp     4000:4003 -
ACCEPT  loc     fw      tcp     4000:4003
# Let's see if I can make NIS+ work
ACCEPT  fw      loc     tcp     668:1024
ACCEPT  fw      loc     udp     668:1024
ACCEPT  loc     fw      tcp     668:1024
ACCEPT  loc     fw      udp     668:1024
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

     I'm pretty sure my NIS+ server is working properly. I'm able to see 
the domain and bind to it on a client computer. The problem comes when a 
user on the client computer tries to authenticate to the NIS+ server. 
Here's an example of what I see in my /var/log/messages:

May 10 13:46:07 bob kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:10:4b:2f:c1:86:00:40:ca:50:97:50:08:00 SRC=192.168.1.3 DST=192.168.1.1 LEN=248 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=797 DPT=32773 LEN=228

May 10 13:46:07 bob kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:10:4b:2f:c1:86:00:40:ca:50:97:50:08:00 SRC=192.168.1.3 DST=192.168.1.1 LEN=248 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=797 DPT=32773 LEN=228

     What am I doing wrong here folks? I attribute all of this to the 
fact that I'm a Shorewall newbie, so any help would be greatly appreciated.

Thanks,
- Dave
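As an added diagnostic example (editor's code, not Dave's post or Shorewall's own logic): a simplified matcher that reads rules in the column layout used above and checks whether the rejected packet from the log would have hit any loc->fw UDP rule. It assumes eth1 is the loc interface and 192.168.1.1 is the firewall, uses a constructed numeric-only subset of the posted rules, and ignores Shorewall's own chain ordering and policy handling.

```python
import re
# Constructed subset of the post's loc->fw UDP rules (numeric ports only; the service-name
# line is omitted). Columns: ACTION SOURCE DEST PROTO DPORT(S) [SPORT(S)]
RULES = """\
ACCEPT  loc     fw      udp     53      -
ACCEPT  loc     fw      udp     111 -
ACCEPT  loc     fw      udp     2049 -
ACCEPT  loc     fw      udp     4000:4003 -
ACCEPT  loc     fw      udp     668:1024
"""
# The rejected packet from the post's /var/log/messages, rejoined onto one line.
LOG_LINE = ("May 10 13:46:07 bob kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= "
            "MAC=00:10:4b:2f:c1:86:00:40:ca:50:97:50:08:00 SRC=192.168.1.3 DST=192.168.1.1 "
            "LEN=248 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=797 DPT=32773 LEN=228")
IFACE_ZONE = {"eth1": "loc"}   # assumption: eth1 is the loc interface
FW_ADDRS = {"192.168.1.1"}     # assumption: the firewall's own LAN address

def parse_ports(spec):
    """'-' -> any port; '80,443' -> two singletons; '1024:' -> 1024 through 65535."""
    ranges = []
    for part in ("1:" if spec == "-" else spec).split(","):
        lo, sep, hi = part.partition(":")
        ranges.append((int(lo or 1), int(hi or 65535)) if sep else (int(part), int(part)))
    return ranges

def parse_rules(text):
    # Rule lines -> (action, src_zone, dst_zone, proto, dport_ranges, sport_ranges)
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0].startswith("#"):
            continue
        f += ["-"] * (6 - len(f))  # a missing DPORT/SPORT column means "any"
        rules.append((f[0], f[1], f[2], f[3].lower(), parse_ports(f[4]), parse_ports(f[5])))
    return rules

def parse_log(line):
    # KEY=value fields of a netfilter kernel log line (OUT= is legitimately empty here)
    return dict(re.findall(r"(\w+)=(\S*)", line))

def matching_rule(rules, pkt):
    """First rule that would accept pkt, or None: no rule matched, so the zone policy decided."""
    src_zone = IFACE_ZONE.get(pkt["IN"])
    dst_zone = "fw" if pkt["DST"] in FW_ADDRS else IFACE_ZONE.get(pkt["OUT"])
    spt, dpt = int(pkt["SPT"]), int(pkt["DPT"])
    for rule in rules:
        _, src, dst, proto, dports, sports = rule
        if (src, dst, proto) != (src_zone, dst_zone, pkt["PROTO"].lower()):
            continue
        if any(a <= dpt <= b for a, b in dports) and any(a <= spt <= b for a, b in sports):
            return rule
    return None
```

Run against the logged packet, `matching_rule` returns None: destination port 32773 lies outside every allowed range in the loc->fw UDP rules, which is why the packet fell through to the all2all policy chain shown in the log.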


