[Shorewall-users] Re: [Shorewall-newbies] 2 IPs and Three Interface firewall

Tom Eastep teastep at shorewall.net
Wed Mar 3 12:05:39 PST 2004


On Wed, 3 Mar 2004, electro jacs wrote:

> > > and if that happens, since I make to allow all traffic clean without the
> > > rules of firewall?
> >
> >No -- but you can add rules specifically for that IP address to allow it
> >any
> >access that you want to give it. To give the IP complete access in and out,
> >you can add these at the top of /etc/shorewall/rules:
> >
> >ACCEPT	loc:200.x.x.195	all		all
> >ACCEPT	all		loc:200.x.x.195	all
> >
> >-Tom
>
> ok Mr Tom , that rule was added
> but I scan with NMAP and it shows this to :
> /*
> [root at totalweb root]# nmap 200.x.x.194
> Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-03 14:12 COT
> Note: Host seems down. If it is really up, but blocking our ping probes, try
> -P0Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.061 seconds
> [root at totalweb root]#
> */
> the computer that has the IP 200.x.x.194, sails correctly and apparently all
> this good, and I scan I did it from another computer in Internet
> that I could be badly configured?

I don't understand --

a) The rules I gave you were for IP address 200.x.x.195
b) You claim that nmap doesn't work; yet
c) You say that the IP 200.x.x.194 "sails correctly"

We are loosing something in the translation...

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net


More information about the Shorewall-users mailing list