I've been using shorewall happily for over a year on a single computer. Now I want to use it for a small LAN (desktop plus laptop, the laptop connecting via wireless).

I have shorewall version 2.4.4 on Debian. I downloaded the twointerfaces tarball and placed the files in /etc/shorewall. I configured things in what I thought was the correct way but when shorewall is running I cannot ping from the laptop to the desktop. I have to do "shorewall clear" to restore things.

I think the problem may be in /etc/shorewall/interfaces, where I have:

#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          dhcp,routefilter,tcpflags
loc     eth1            detect          tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

I tried some variations after reading the comments but no luck. If it makes any difference, eth1 is on the laptop but I was installing shorewall on the desktop. Is this incorrect?

Anthony

--
ac@acampbell.org.uk    ||  http://www.acampbell.org.uk for
using Linux GNU/Debian ||  blog, book reviews, electronic
Microsoft-free zone    ||  books and skeptical articles

-------------------------------------------------------
SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php

On Monday 19 September 2005 09:27, Anthony Campbell wrote:
>
> I tried some variations after reading the comments but no luck.
> If it makes any difference, eth1 is on the laptop but I was installing
> shorewall on the desktop. Is this incorrect?
>

Please see http://www.shorewall.net/support.htm for instructions concerning proper Shorewall problem documentation. We would have to have supernatural powers to be able to solve your problem with what you have provided us.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Monday 19 September 2005 09:45, Tom Eastep wrote:
> On Monday 19 September 2005 09:27, Anthony Campbell wrote:
> > I tried some variations after reading the comments but no luck.
> > If it makes any difference, eth1 is on the laptop but I was installing
> > shorewall on the desktop. Is this incorrect?
>

I'm also perplexed about your statement that "eth1 is on the laptop" -- You cannot refer to interfaces on other computers in a Shorewall configuration if that is what your statement is trying to convey.

-Tom

On 19 Sep 2005, Tom Eastep wrote:
> On Monday 19 September 2005 09:27, Anthony Campbell wrote:
> >
> > I tried some variations after reading the comments but no luck.
> > If it makes any difference, eth1 is on the laptop but I was installing
> > shorewall on the desktop. Is this incorrect?
> >
>
> Please see http://www.shorewall.net/support.htm for instructions concerning
> proper Shorewall problem documentation. We would have to have supernatural
> powers to be able to solve your problem with what you have provided us.
>
> -Tom

Apologies for incomplete info. I hope this is better.

1. I'm trying to receive a connection from the laptop, which is 192.168.0.3.

2. If shorewall is running, no connection occurs (ping does not reach the desktop).

3. Requested info:

root:/tmp:# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1492 qdisc pfifo_fast qlen 1000
    link/ether 00:0b:2b:02:32:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.20/24 brd 192.168.0.255 scope global eth0

root:/tmp:# ip route show
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.20
default via 192.168.0.1 dev eth0

status.txt

Chain INPUT (policy DROP 7 packets, 588 bytes)
 pkts bytes target     prot opt in     out     source               destination
  151 17983 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    1    63 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:67:68

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  eth0   eth0    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68

Chain OUTPUT (policy ACCEPT 163 packets, 12680 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Sep 19 09:06:44 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.20 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24315 PROTO=UDP SPT=10587 DPT=137 LEN=58
Sep 19 09:06:44 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=33 DF PROTO=ICMP TYPE=8 CODE=0 ID=61455 SEQ=34
Sep 19 09:06:44 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.20 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24316 PROTO=UDP SPT=10588 DPT=137 LEN=58
Sep 19 09:06:45 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.20 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24317 PROTO=UDP SPT=10588 DPT=137 LEN=58
Sep 19 09:08:06 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.20 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24318 PROTO=UDP SPT=10589 DPT=137 LEN=58
Sep 19 09:08:07 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.20 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24319 PROTO=UDP SPT=10589 DPT=137 LEN=58
Sep 19 09:08:08 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.20 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24320 PROTO=UDP SPT=10590 DPT=137 LEN=58
Sep 19 09:08:10 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.20 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24321 PROTO=UDP SPT=10591 DPT=137 LEN=58
Sep 19 09:08:11 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.20 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24322 PROTO=UDP SPT=10591 DPT=137 LEN=58
Sep 19 09:08:23 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=61711 SEQ=1
Sep 19 09:08:24 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61711 SEQ=2
Sep 19 09:08:25 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=61711 SEQ=3
Sep 19 09:08:26 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=ICMP TYPE=8 CODE=0 ID=61711 SEQ=4
Sep 19 09:08:27 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=ICMP TYPE=8 CODE=0 ID=61711 SEQ=5
Sep 19 09:08:28 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=ICMP TYPE=8 CODE=0 ID=61711 SEQ=6
Sep 19 09:08:29 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=6 DF PROTO=ICMP TYPE=8 CODE=0 ID=61711 SEQ=7
Sep 19 14:40:38 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13836 DF PROTO=TCP SPT=32953 DPT=22 WINDOW=5808 RES=0x00 SYN URGP=0
Sep 19 14:40:41 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13838 DF PROTO=TCP SPT=32953 DPT=22 WINDOW=5808 RES=0x00 SYN URGP=0
Sep 19 14:40:47 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13840 DF PROTO=TCP SPT=32953 DPT=22 WINDOW=5808 RES=0x00 SYN URGP=0
Sep 19 14:40:59 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13842 DF PROTO=TCP SPT=32953 DPT=22 WINDOW=5808 RES=0x00 SYN URGP=0

NAT Table

Chain PREROUTING (policy ACCEPT 651 packets, 57311 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 373 packets, 22620 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 373 packets, 22620 bytes)
 pkts bytes target     prot opt in     out     source               destination

Mangle Table

Chain PREROUTING (policy ACCEPT 5227 packets, 1507K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 5225 packets, 1506K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5440 packets, 407K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 5440 packets, 407K bytes)
 pkts bytes target     prot opt in     out     source               destination

tcp      6 37 TIME_WAIT src=192.168.0.20 dst=80.84.72.21 sport=53469 dport=110 src=80.84.72.21 dst=192.168.0.20 sport=110 dport=53469 [ASSURED] use=1
tcp      6 33 TIME_WAIT src=192.168.0.20 dst=217.64.227.62 sport=52867 dport=110 src=217.64.227.62 dst=192.168.0.20 sport=110 dport=52867 [ASSURED] use=1
tcp      6 105 TIME_WAIT src=192.168.0.20 dst=80.84.72.21 sport=53471 dport=110 src=80.84.72.21 dst=192.168.0.20 sport=110 dport=53471 [ASSURED] use=1
udp      17 161 src=192.168.0.20 dst=192.168.1.2 sport=32769 dport=53 src=192.168.1.2 dst=192.168.0.20 sport=53 dport=32769 [ASSURED] use=1
tcp      6 101 TIME_WAIT src=192.168.0.20 dst=217.64.227.62 sport=52869 dport=110 src=217.64.227.62 dst=192.168.0.20 sport=110 dport=52869 [ASSURED] use=1
udp      17 14 src=127.0.0.1 dst=127.0.0.1 sport=32769 dport=512 [UNREPLIED] src=127.0.0.1 dst=127.0.0.1 sport=512 dport=32769 use=1

IP Configuration

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1492 qdisc pfifo_fast qlen 1000
    link/ether 00:0b:2b:02:32:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.20/24 brd 192.168.0.255 scope global eth0

IP Stats

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast
    8900       120      0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    8900       120      0       0       0       0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1492 qdisc pfifo_fast qlen 1000
    link/ether 00:0b:2b:02:32:fb brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    1579756    5273     0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    475736     5363     0       0       0       0

/proc

/proc/version = Linux version 2.6.12.180805 (root@arcadia) (gcc version 4.0.2 20050816 (prerelease) (Debian 4.0.1-5)) #1 Thu Aug 18 14:32:42 BST 2005
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0

Routing Table

192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.20
default via 192.168.0.1 dev eth0

ARP

? (192.168.0.1) at 00:09:5B:73:1B:08 [ether] on eth0

Modules

Anthony

On 19 Sep 2005, Tom Eastep wrote:
> On Monday 19 September 2005 09:45, Tom Eastep wrote:
> > On Monday 19 September 2005 09:27, Anthony Campbell wrote:
> > > I tried some variations after reading the comments but no luck.
> > > If it makes any difference, eth1 is on the laptop but I was installing
> > > shorewall on the desktop. Is this incorrect?
> >
>
> I'm also perplexed about your statement that "eth1 is on the laptop" -- You
> cannot refer to interfaces on other computers in a Shorewall configuration if
> that is what your statement is trying to convey.
>
> -Tom
> --

Yes, I wondered about that. The arrangement is:

Internet ---> modem ---> router ---> desktop
                           |
                           | radio link
                         laptop

eth1 is on the laptop to enable the wireless connection.

Should I therefore install shorewall on the laptop instead; and would this also protect the desktop? Or is there an alternative possibility to accept input from one computer to the other?

Anthony

On Monday 19 September 2005 10:25, Anthony Campbell wrote:
>
> Should I therefore install shorewall on the laptop instead;

Yes.

-Tom

On 19 Sep 2005, Tom Eastep wrote:
> On Monday 19 September 2005 10:25, Anthony Campbell wrote:
> >
> > Should I therefore install shorewall on the laptop instead;
>
> Yes.
>
> -Tom
> --

OK, thank you. And I take it the desktop will also be protected in that case (when the laptop is connected, obviously)?

Anthony

On Monday 19 September 2005 10:33, Anthony Campbell wrote:
> On 19 Sep 2005, Tom Eastep wrote:
> > On Monday 19 September 2005 10:25, Anthony Campbell wrote:
> > > Should I therefore install shorewall on the laptop instead;
> >
> > Yes.
> >
> > -Tom
> > --
>
> OK, thank you. And I take it the desktop will also be protected in that
> case (when the laptop is connected, obviously)?
>

You need to run Shorewall in both places. To enable traffic between the two systems:

On the Desktop:

ACCEPT  net:<laptop IP address>   fw
ACCEPT  fw                        net:<laptop IP address>

On the Laptop:

ACCEPT  net:<desktop IP address>  fw
ACCEPT  fw                        net:<desktop IP address>

Enable all of the security features supported on your wireless router.

-Tom

No, the laptop cannot protect any devices that aren't routed through it. To protect both the laptop and the desktop, according to your diagram, shorewall would need to be installed on the router. Also, from what I can tell, you have your computer and laptop connected directly to your router. Also, if you don't have 2 ethernet devices on your desktop, why do you need the 2 interface example....

Thank you,
Daniel Wyatt
People Line Customer Support

-----Original Message-----
From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Anthony Campbell
Sent: Monday, September 19, 2005 10:34 AM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problem setting up shorewall for LAN

On 19 Sep 2005, Tom Eastep wrote:
> On Monday 19 September 2005 10:25, Anthony Campbell wrote:
> >
> > Should I therefore install shorewall on the laptop instead;
>
> Yes.
>
> -Tom
> --

OK, thank you. And I take it the desktop will also be protected in that case (when the laptop is connected, obviously)?

Anthony

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

On 19 Sep 2005, Tom Eastep wrote:
> On Monday 19 September 2005 10:33, Anthony Campbell wrote:
> > On 19 Sep 2005, Tom Eastep wrote:
> > > On Monday 19 September 2005 10:25, Anthony Campbell wrote:
> > > > Should I therefore install shorewall on the laptop instead;
> > >
> > > Yes.
> > >
> > > -Tom
> > > --
> >
> > OK, thank you. And I take it the desktop will also be protected in that
> > case (when the laptop is connected, obviously)?
> >
>
> You need to run Shorewall in both places. To enable traffic between the two
> systems:
>
> On the Desktop:
>
> ACCEPT net:<laptop IP address> fw
> ACCEPT fw net:<laptop IP address>
>
> On the Laptop:
>
> ACCEPT net:<desktop IP address> fw
> ACCEPT fw net:<desktop IP address>
>
> Enable all of the security features supported on your wireless router.
>
> -Tom
> --

I put the following in /etc/shorewall/rules (right place?)

##############################################################################
#ACTION  SOURCE           DEST             PROTO   DEST    SOURCE     ORIGINAL   RATE    USER/
#                                                  PORT    PORT(S)    DEST       LIMIT   GROUP
ACCEPT   net:192.168.0.3  fw
ACCEPT   fw               net:192.168.0.3
ACCEPT   net              fw               icmp    8
ACCEPT   fw               net              icmp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

But I still can't connect from the laptop. Is there some mistake?

Anthony

On 19 Sep 2005, Tom Eastep wrote:
> On Monday 19 September 2005 10:33, Anthony Campbell wrote:
> > On 19 Sep 2005, Tom Eastep wrote:
> > > On Monday 19 September 2005 10:25, Anthony Campbell wrote:
> > > > Should I therefore install shorewall on the laptop instead;
> > >
> > > Yes.
> > >
> > > -Tom
> > > --
> >
> > OK, thank you. And I take it the desktop will also be protected in that
> > case (when the laptop is connected, obviously)?
> >
>
> You need to run Shorewall in both places. To enable traffic between the two
> systems:
>
> On the Desktop:
>
> ACCEPT net:<laptop IP address> fw
> ACCEPT fw net:<laptop IP address>
>
> On the Laptop:
>
> ACCEPT net:<desktop IP address> fw
> ACCEPT fw net:<desktop IP address>
>
> Enable all of the security features supported on your wireless router.
>
> -Tom
> --

After a bit more research I found that I had to remove norfc1918 in /etc/shorewall/interfaces to allow ping to work. However, even though ping works, ssh does not as long as shorewall is running.

Anthony
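
An added example (not part of the original thread, and not Shorewall's own code): the rfc1918:DROP entries in the status output posted earlier are the trace the norfc1918 option leaves when the firewall's interface sits on a private LAN. The Python below tallies those drops for sources inside a given LAN range; the function names, the LAN range passed as a parameter, and the last three sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Sample input. The 192.168.0.x lines follow the "shorewall status" excerpt
# posted in the thread; the last three lines are constructed for contrast.
SAMPLE_LOG = """\
Sep 19 09:06:44 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.20 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24315 PROTO=UDP SPT=10587 DPT=137 LEN=58
Sep 19 09:08:23 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=61711 SEQ=1
Sep 19 09:08:24 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61711 SEQ=2
Sep 19 14:40:38 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13836 DF PROTO=TCP SPT=32953 DPT=22 WINDOW=5808 RES=0x00 SYN URGP=0
Sep 19 14:40:41 rfc1918:DROP:IN=eth0 OUT= SRC=192.168.0.3 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13838 DF PROTO=TCP SPT=32953 DPT=22 WINDOW=5808 RES=0x00 SYN URGP=0
Sep 19 14:41:02 rfc1918:DROP:IN=eth0 OUT= SRC=10.1.2.3 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4242 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5808 RES=0x00 SYN URGP=0
Sep 19 14:41:05 net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4243 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Sep 19 14:41:06 this line is not a packet log entry
"""

# "<chain>:<disposition>:" precedes the netfilter fields in these log lines.
PREFIX_RE = re.compile(r"(?P<chain>[\w-]+):(?P<disposition>[A-Z]+):(?=IN=)")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return a dict for one packet log line, or None if it is not one."""
    match = PREFIX_RE.search(line)
    if match is None:
        return None
    entry = {"chain": match["chain"], "disposition": match["disposition"]}
    for key, value in FIELD_RE.findall(line[match.end():]):
        entry.setdefault(key, value)  # keep the first LEN/ID (IP header)
    return entry


def service(entry):
    """Short label for what the packet was trying to reach."""
    proto = entry.get("PROTO", "?").lower()
    if proto == "icmp":
        return f"icmp type {entry.get('TYPE', '?')}"
    if "DPT" in entry:
        return f"{proto}/{entry['DPT']}"
    return proto


def lan_drops_by_rfc1918(log_text, lan_cidr):
    """Count rfc1918-chain drops whose source is inside the local LAN.

    A non-empty result means norfc1918 is set on an interface that carries
    legitimate private-address traffic, as happened on eth0 in the thread.
    """
    lan = ipaddress.ip_network(lan_cidr)
    hits = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["chain"] != "rfc1918":
            continue
        try:
            src = ipaddress.ip_address(entry.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing source address
        if src in lan:
            hits[(entry["IN"], str(src), service(entry))] += 1
    return hits


if __name__ == "__main__":
    for (iface, src, what), n in sorted(lan_drops_by_rfc1918(SAMPLE_LOG, "192.168.0.0/24").items()):
        print(f"{n:3d}  {iface}  {src:<15}  {what}")
```
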

On Monday 19 September 2005 11:23, Anthony Campbell wrote:
>
> I put the following in /etc/shorewall/rules (right place?)
>
> ##############################################################################
> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
> # PORT PORT(S) DEST LIMIT GROUP
> ACCEPT net:192.168.0.3 fw
> ACCEPT fw net:192.168.0.3
> ACCEPT net fw icmp 8
> ACCEPT fw net icmp
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> But I still can't connect from the laptop. Is there some mistake?

I'm sorry -- I can't help you any further during work hours. Once again, you have not sent the information needed to solve your problem and I refuse to waste my time at work asking you repeatedly to send it (one hint though -- the last time you captured "shorewall status", Shorewall WAS NOT EVEN STARTED).

Hopefully someone on the list with more time and patience will be willing to help you. Otherwise, you will have to wait until after business hours.

-Tom

On 19 Sep 2005, Tom Eastep wrote:
> On Monday 19 September 2005 11:23, Anthony Campbell wrote:
> >
> > I put the following in /etc/shorewall/rules (right place?)
> >
> > ##############################################################################
> > #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
> > # PORT PORT(S) DEST LIMIT GROUP
> > ACCEPT net:192.168.0.3 fw
> > ACCEPT fw net:192.168.0.3
> > ACCEPT net fw icmp 8
> > ACCEPT fw net icmp
> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> >
> > But I still can't connect from the laptop. Is there some mistake?
>
> I'm sorry -- I can't help you any further during work hours. Once again, you
> have not sent the information needed to solve your problem and I refuse to
> waste my time at work asking you repeatedly to send it (one hint though --
> the last time you captured "shorewall status", Shorewall WAS NOT EVEN
> STARTED).
>
> Hopefully someone on the list with more time and patience will be willing to
> help you. Otherwise, you will have to wait until after business hours.
>
> -Tom

Got it working now. Sorry for troubling you and thank you for your excellent work on Shorewall. (I hadn't realized you were at work - time difference!). Apologies again.

Anthony

Hey,

If you do as asked, read http://www.shorewall.net/support.htm and post all of the requested information to the list.

From your previous posts, I think that you are very confused about certain things. If you post your configs, then we can un-confuse you.

Alex Martin
http://www.rettc.com

Anthony Campbell wrote:
>On 19 Sep 2005, Tom Eastep wrote:
>>On Monday 19 September 2005 11:23, Anthony Campbell wrote:
>>
>>>I put the following in /etc/shorewall/rules (right place?)
>>>
>>>##############################################################################
>>>#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
>>># PORT PORT(S) DEST LIMIT GROUP
>>>ACCEPT net:192.168.0.3 fw
>>>ACCEPT fw net:192.168.0.3
>>>ACCEPT net fw icmp 8
>>>ACCEPT fw net icmp
>>>#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>>>
>>>But I still can't connect from the laptop. Is there some mistake?
>>>
>>I'm sorry -- I can't help you any further during work hours. Once again, you
>>have not sent the information needed to solve your problem and I refuse to
>>waste my time at work asking you repeatedly to send it (one hint though --
>>the last time you captured "shorewall status", Shorewall WAS NOT EVEN
>>STARTED).
>>
>>Hopefully someone on the list with more time and patience will be willing to
>>help you. Otherwise, you will have to wait until after business hours.
>>
>>-Tom
>>
>
>Got it working now. Sorry for troubling you and thank you for your
>excellent work on Shorewall. (I hadn't realized you were at work - time
>difference!). Apologies again.
>
>Anthony

On 20 Sep 2005, Alex Martin wrote:
>
> Hey,
>
> If you do as asked, read http://www.shorewall.net/support.htm and post
> all of the requested information to the list.
>
> From your previous posts, I think that you are very confused about
> certain things. If you post your configs, then we can un-confuse you.
>
> Alex Martin
> http://www.rettc.com
>

Thank you, but I have now sorted out my earlier confusion; shorewall is working properly on both computers now and they can inter-communicate without problems.

Anthony