hello dear friends,
my problem is with policies and rules. The rules are not executed; it is as if they did not exist. All this is open: music over the Internet, sending files over the Internet, p2p, everything has access without restrictions. I don't know what I am doing wrong.
Thanks for your comments....! :-(

My environment: Centos4.3 + Bridge + Shorewall:
eth0 + eth1 = Bridge (vdpf0)
VDPF0=192.168.64.253
Internet---RouterCisco---VDPF0---LAN[192.168.64.0/24, 192.168.65.0/24 and 192.168.66.0/24]

########## zones ##########
fw      firewall
net     ipv4
loc     ipv4
loc1    ipv4
loc2    ipv4

########## Hosts ##########
net     vdpf0:eth0
loc     vdpf0:eth1:192.168.64.0/24    routeback
loc1    vdpf0:eth1:192.168.65.0/24    routeback
loc2    vdpf0:eth1:192.168.66.0/24    routeback

########## Interfaces #########
-       vdpf0   detect

########## policies ###########
loc     net     ACCEPT
net     loc     ACCEPT
loc1    net     ACCEPT
net     loc1    ACCEPT
loc2    net     ACCEPT
net     loc2    ACCEPT
#################### POLICIES SEEN BETWEEN SEGMENTS #####################
loc     fw      ACCEPT
fw      loc     ACCEPT
loc1    fw      ACCEPT
fw      loc1    ACCEPT
loc2    fw      ACCEPT
fw      loc2    ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

########### Rules ############
ACCEPT  loc     net     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  loc     net     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
ACCEPT  loc1    net     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  loc1    net     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
ACCEPT  loc2    net     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  loc2    net     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
ACCEPT  net     loc     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  net     loc     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
ACCEPT  net     loc1    tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  net     loc1    udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
ACCEPT  net     loc2    tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  net     loc2    udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
#################### POLICIES SEEN BETWEEN SEGMENTS #####################
ACCEPT  loc     loc1    tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  loc     loc1    udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
ACCEPT  loc1    loc     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  loc1    loc     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
ACCEPT  loc     loc2    tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  loc     loc2    udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
ACCEPT  loc2    loc     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  loc2    loc     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
ACCEPT  loc1    loc2    tcp
ACCEPT  loc1    loc2    udp
ACCEPT  loc2    loc1    tcp
ACCEPT  loc2    loc1    udp

######## RouteStopped ###########
vdpf0   -

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Sun, 2006-07-16 at 17:59 -0500, German Jimenez Leal wrote:
> hello dear friends
> my problem is with policies and rules.
> the rules are not executed
> it is as if they did not exist
> all this is open: music over the Internet, sending files over the
> Internet, p2p, everything has access without restrictions.
> I don't know what I am doing wrong.
>
> thanks for your comments....! :-(

It is working just as you have configured it -- you have allowed all net->loc* and loc*->net in your policies. How could you possibly expect it to work any other way?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
My router has a NAT configuration. The NAT makes it possible for my LAN segments to communicate with each other. My rule loc -- net is ok... do you agree? My rule net -- loc allows everything because I need communication between all my LAN segments. If I take off this rule, my LAN segments on the bridge cannot communicate with each other.

For example: my Internet provider gives me a Cisco router with the following configuration:

|IP Lan 201.X.X.X mask:255.255.255.240 |
| NAT |
|-----IP Lan 192.168.64.250 mask: 255.255.255.0 secondary
      IP Lan 192.168.65.250 mask: 255.255.255.0 secondary
      IP Lan 192.168.66.250 mask: 255.255.255.0 secondary
      L A N   R O U T E R
|an IP of segment 192.168.66.x looks for an application in segment 64|
|the router makes NAT and returns the path to follow so it can find the 64 segment|
|--------------------------loc--------------------------------------->|
|-------- net -------> |
|<-------------- net -------------------------------|
|-----------------------------------------------------------------------------|

Is it possible to do NAT inside the Bridge/Firewall if I remove the NAT from the Cisco?

-----Original message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Sunday, July 16, 2006 06:42 p.m.
To: Shorewall Users
Subject: Re: [Shorewall-users] RV: Shorewall+Bridge+3subredes

> It is working just as you have configured it -- you have allowed all
> net->loc* and loc*->net in your policies. How could you possibly expect
> it to work any other way?
>
> -Tom

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Mon, 2006-07-17 at 13:48 -0500, German Jimenez Leal wrote:
> Is it possible to do NAT inside the Bridge/Firewall if I remove the NAT
> from the Cisco?

I advise against doing NAT in a Bridge/Firewall. The exception is when you have a bridge/router and you are using NAT for routed traffic.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Hi, how are you. Look, on the Shorewall page, in the topic about Shorewall as a bridge, the author says that Shorewall does not support several network segments on one bridge, that it only works for one network segment...! Or that is what I understood...!

If you could give me your opinion, I would really like a tip that helps me rethink my firewall or carry on. I was thinking of creating one bridge per segment, putting a switch between the router and the firewall/bridge, and since there would be three bridges, each one would have one network segment..! So the switch would connect to my router and to my three cards eth(0,2,4) that point to net. And the ones that point to the local zone, eth(1,3,5), connect to the LAN...!

But anyway, without discarding what you told me, first I will do exactly what you indicated and let you know...!

Thank you in advance; I remain your most attentive servant..!
Greetings to all...!

-----Original message-----
From: Fernando Rodriguez [mailto:frod@aitelecom.net]
Sent: Sunday, July 30, 2006 06:24 a.m.
To: Shorewall Users
Subject: Re: [Shorewall-users] Shorewall+Bridge+3subredes

On Wednesday 05 July 2006 10:53 pm, German Jimenez Leal wrote:

Really, your only problem is that in the policies you have

loc net accept
net loc accept

Remove those so that your firewall only lets through what you have in the rules, and in that way restrict everything.

> Hello everyone, sorry for writing in Spanish. But I have an issue:
> everything apparently works fine, my bridge runs fine, Shorewall gives
> me no error.
> But my rules supposedly enable certain ports, yet the firewall
> (Shorewall) does not block the traffic; the fact is that I can download
> BitTorrent files, listen to music over the Internet and send files via
> Messenger!
> Could you give me a little help? I would be grateful!
>
> My installation: Centos4.3 + Bridge + Shorewall:
> eth0 + eth1 = Bridge (vdpf0)
> VDPF0=192.168.64.253
> Internet---RouterCisco---VDPF0---LAN
> On the LAN I have three network segments.
>
> I have tried the policies one by one, and when I remove one, what I
> cause is that some segment no longer has communication with other
> segments or with the Internet. Now what happens is that my rules are
> there as such but have no effect, since I can still connect to music
> stations, I can send files through MSN, I can get into TV channels via
> the web.
> I really don't know what I am doing wrong...!
> A thousand thanks...!
>
> configuration files
> ########## zones ##########
> fw      firewall
> net     ipv4
> loc     ipv4
> loc1    ipv4
> loc2    ipv4
> ########## Hosts ##########
> net     vdpf0:eth0
> loc     vdpf0:eth1:192.168.64.0/24    routeback,tcpflags
> loc1    vdpf0:eth1:192.168.65.0/24    routeback,tcpflags
> loc2    vdpf0:eth1:192.168.66.0/24    routeback,tcpflags
> ########## Interfaces #########
> -       vdpf0   detect
> ########## policies ###########
> loc     net     ACCEPT
> net     loc     ACCEPT
> loc1    net     ACCEPT
> net     loc1    ACCEPT
> loc2    net     ACCEPT
> net     loc2    ACCEPT
> #################### POLICIES SEEN BETWEEN SEGMENTS #####################
> loc     loc1    ACCEPT
> loc1    loc     ACCEPT
> loc     loc2    ACCEPT
> loc2    loc     ACCEPT
> loc1    loc2    ACCEPT
> loc2    loc1    ACCEPT
> loc     fw      ACCEPT
> fw      loc     ACCEPT
> loc1    fw      ACCEPT
> fw      loc1    ACCEPT
> loc2    fw      ACCEPT
> fw      loc2    ACCEPT
> fw      net     ACCEPT
> net     all     DROP    info
> all     all     REJECT  info
>
> ########### Rules ############
> ACCEPT  loc     net     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  loc     net     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> ACCEPT  loc1    net     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  loc1    net     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> ACCEPT  loc2    net     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  loc2    net     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> ACCEPT  net     loc     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  net     loc     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> ACCEPT  net     loc1    tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  net     loc1    udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> ACCEPT  net     loc2    tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  net     loc2    udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> #################### POLICIES SEEN BETWEEN SEGMENTS #####################
> ACCEPT  loc     loc1    tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  loc     loc1    udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> ACCEPT  loc1    loc     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  loc1    loc     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> ACCEPT  loc     loc2    tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  loc     loc2    udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> ACCEPT  loc2    loc     tcp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,1863,515,631,9100,9102,135,139,445,ftp,smtp,pop3,imap,53,https,8080,80,22
> ACCEPT  loc2    loc     udp     1366,1677,2301,2544,3016,3017,3018,3024,3396,7628,135,445,137,138,139,1024,53
> ACCEPT  loc1    loc2    tcp
> ACCEPT  loc1    loc2    udp
> ACCEPT  loc2    loc1    tcp
> ACCEPT  loc2    loc1    udp
>
> ######## RouteStopped ###########
> vdpf0   -

-- 
Fernando Rodriguez
AITelecom
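Tom's and Fernando's replies make the same point: a Shorewall policy is the default applied to traffic that matches no rule, so an ACCEPT policy for a zone pair lets everything through and turns the ACCEPT rules for that pair into dead weight. The following lint is an added example, not code from the thread or from Shorewall itself. It parses policy and rules files in the column layout posted above, lists the zone pairs that are wide open, reports the ACCEPT rules shadowed by an ACCEPT policy, and compares the posted policy file with one where the loc*<->net ACCEPT lines have been removed so those pairs fall through to "net all DROP" and "all all REJECT". The file contents are constructed from the thread with the port lists shortened; the REJECT fallback in effective_policy for a file with no catch-all line is a lint assumption, since Shorewall itself requires an "all all" policy.

```python
"""Lint for Shorewall policy/rules files: which zone pairs are wide open and
which ACCEPT rules are shadowed by an ACCEPT policy on the same zone pair.
Added example, not Shorewall's own code."""
from typing import List, Tuple

# Policy file constructed from the one posted in the thread (comment lines dropped).
POLICY_ORIGINAL = """
loc   net   ACCEPT
net   loc   ACCEPT
loc1  net   ACCEPT
net   loc1  ACCEPT
loc2  net   ACCEPT
net   loc2  ACCEPT
loc   fw    ACCEPT
fw    loc   ACCEPT
loc1  fw    ACCEPT
fw    loc1  ACCEPT
loc2  fw    ACCEPT
fw    loc2  ACCEPT
fw    net   ACCEPT
net   all   DROP    info
all   all   REJECT  info
"""

# The same file with the loc*<->net ACCEPT lines removed, as the replies advise:
# those pairs now fall through to "net all DROP" and "all all REJECT".
POLICY_FIXED = """
loc   fw    ACCEPT
fw    loc   ACCEPT
loc1  fw    ACCEPT
fw    loc1  ACCEPT
loc2  fw    ACCEPT
fw    loc2  ACCEPT
fw    net   ACCEPT
net   all   DROP    info
all   all   REJECT  info
"""

# A handful of the posted rules (ACTION SOURCE DEST PROTO DPORT), port lists shortened.
RULES = """
ACCEPT  loc   net   tcp  ftp,smtp,pop3,imap,53,https,8080,80,22
ACCEPT  loc   net   udp  53,137,138,139
ACCEPT  net   loc   tcp  139,445,ftp,smtp
ACCEPT  loc1  loc2  tcp
ACCEPT  loc   fw    tcp  22
"""

ZONES = ["fw", "net", "loc", "loc1", "loc2"]


def _columns(text: str) -> List[List[str]]:
    """Split a Shorewall column file into rows, dropping comments and blank lines."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def parse_policy(text: str) -> List[Tuple[str, str, str]]:
    """(SOURCE, DEST, POLICY) in file order; order matters because Shorewall
    applies the first policy line that matches a zone pair."""
    return [(r[0], r[1], r[2].upper()) for r in _columns(text)]


def parse_rules(text: str) -> List[Tuple[str, str, str, str, str]]:
    """(ACTION, SOURCE, DEST, PROTO, DPORT); missing trailing columns become ''."""
    return [tuple((r + [""] * 5)[:5]) for r in _columns(text)]


def effective_policy(policies, src: str, dst: str) -> str:
    """Policy Shorewall applies to src->dst traffic that matches no rule.
    'all' is a wildcard. Shorewall requires a catch-all 'all all' line; the
    REJECT fallback here is only a lint assumption for incomplete files."""
    for psrc, pdst, pol in policies:
        if psrc in (src, "all") and pdst in (dst, "all"):
            return pol
    return "REJECT"


def open_zone_pairs(policy_text: str) -> List[Tuple[str, str]]:
    """Zone pairs where the policy is ACCEPT: everything passes, and the
    rules for that pair cannot restrict anything."""
    policies = parse_policy(policy_text)
    return sorted((s, d) for s in ZONES for d in ZONES
                  if s != d and effective_policy(policies, s, d) == "ACCEPT")


def shadowed_rules(policy_text: str, rules_text: str) -> List[str]:
    """ACCEPT rules that have no effect because the policy already accepts."""
    policies = parse_policy(policy_text)
    findings = []
    for action, src, dst, proto, dport in parse_rules(rules_text):
        if action.upper() == "ACCEPT" and effective_policy(policies, src, dst) == "ACCEPT":
            findings.append(f"{src}->{dst} {proto} {dport or 'any'}: "
                            "policy is already ACCEPT, this rule changes nothing")
    return findings


if __name__ == "__main__":
    for label, policy in (("posted policy", POLICY_ORIGINAL), ("fixed policy", POLICY_FIXED)):
        print(f"== {label} ==")
        print("wide-open zone pairs:", open_zone_pairs(policy))
        for finding in shadowed_rules(policy, RULES):
            print("  shadowed:", finding)
```

With the posted policy the lint reports every loc*/net pair as wide open and all the loc<->net rules as shadowed; with the loc*<->net policies removed, net->loc falls to DROP, loc->net falls to REJECT, and only the loc->fw rule is still shadowed, because the fw policies in the posted file are ACCEPT as well.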
German,

I don't really understand what you are trying to do, but I feel it is simpler than what you are attempting, since it is not necessary to connect 3 different network cards to the switch unless it is a managed switch, and even then you could do it with VLANs.

I ask you to explain what you want to do, give the networks names and say how you want them to communicate, because in what you lay out below you really only have 2 network zones: net and lan.

Regards

My e-mail is frod@aitelecom.net, in case you want to send me a diagram or something of your plans, and to begin with I'll tell you that, from what you describe, in no case is a bridge going to be necessary in your network.

Regards
Fernando Rodriguez
AITelecom

-----Original message-----
From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On behalf of German Jimenez Leal
Sent: Sunday, July 30, 2006 07:01 p.m.
To: 'Shorewall Users'
Subject: [Shorewall-users] RV: Shorewall+Bridge+3subredes

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users