[Shorewall-users] remote admin

Brian brianbreedlove at hotmail.com
Tue Oct 5 17:13:52 PDT 2004


Hello, I recently set up Shorewall 2.0.9 on a RedHat 9 machine using the
two-interface quick start guide.

ip addr show:

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:20:ed:76:dc:82 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:90:cc:82:50:16 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1454 qdisc pfifo_fast qlen 3
    link/ppp
    inet 220.144.146.14 peer 210.151.255.103/32 scope global ppp0

ip route show:

210.151.255.103 dev ppp0  proto kernel  scope link  src 220.144.146.14
192.168.1.0/24 dev eth1  scope link
169.254.0.0/16 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 210.151.255.103 dev ppp0

Now to my problem...  I am trying to get radmin 2.1 working.  I have an odd
setup, meaning that the client computer is behind a proxy and does TCP using
httport->htthost proxy tunneling.  This all works and I can connect to my
Linux computer, but I cannot connect to my Windows computer.  I inserted the
following rule:

DNAT  net   loc:192.168.1.5  tcp 4899

Before, I used a Corega router and only needed to open this port.  It was
slow through the proxy tunnel, but it worked.  Now, I get a client i/o error
saying that there may be IP filtering by the computer I am trying to connect
to.  However, the only filtering would be with Shorewall.  Do I need another
rule to allow the connection?

Sincerely,

Brian

