hi

can i know what is the correct way to configure this

    ACCEPT loc:10.30.10.30 fw tcp any any

i have problem using any.

-------------------------------------------------------------------------------
Best Regards
Liew Toh Seng
Icq No: >> 36835809 <<
MSN: >> tohseng@hotmail.com <<
The Internet Solution Company
My Directory Sdn Bhd

On Tue, 2004-04-20 at 17:26, Liew Toh Seng wrote:
> hi
>
> can i know what is the correct way to configure this
>
> ACCEPT loc:10.30.10.30 fw tcp any any
>
> i have problem using any.

When you read the documentation, you did read it, where did you see a reference to using "any" in the source-port or destination-port fields?

Oh, and please try to be more verbose than "I have a problem". Most of the people on this list are not mind-readers.... :-)

-- 
"An opinion is like an asshole - everybody has one."
 - Clint Eastwood as Harry Callahan, The Dead Pool - 1988.

On Tue, 20 Apr 2004 18:40:22 +0800 Ed Greshko <Ed.Greshko@greshko.com> wrote:
> On Tue, 2004-04-20 at 17:26, Liew Toh Seng wrote:
> When you read the documentation, you did read it, where did you see a
> reference to using "any" in the source-port or destination-port
> fields?

NOTE: Rather than ridicule him as it is apparent English is not his first language, I'll try.

Liew,

You should not need that rule if Shorewall if all outgoing traffic is already allowed in /etc/shorewall/policy. If you did not change that file it should not be necessary to add such a rule to 'rules'.

I'm assuming you have a stock configuration of course.

-- 
Paul Slinski           -o)
Network Administrator   /\
Global IQX, Inc.       _\_v

Paul Slinski wrote:
> Liew,
>
> You should not need that rule if Shorewall if all outgoing traffic is
> already allowed in /etc/shorewall/policy. If you did not change that
> file it should not be necessary to add such a rule to 'rules'.
>
> I'm assuming you have a stock configuration of course.

Actually, the stock configuration does not allow loc->fw traffic. The general form of that sort of rule would be:

    ACCEPT loc:<address> fw all

Such a rule would allow ALL traffic from the host at <address> to the firewall.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Tue, 20 Apr 2004 06:54:41 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> Actually, the stock configuration does not allow loc->fw traffic. The
> general form of that sort of rule would be:
>
> ACCEPT loc:<address> fw all
>
> Such a rule would allow ALL traffic from the host at <address> to the
> firewall.

Note to self: Do not respond to mailing lists before first cup of coffee.

Sorry for the misinformation.

/etc/shorewall/rules

    ACCEPT loc:10.30.10.30 fw all -

That looks correct. Since 'protocol' is all then 'dest port' needs to be - and 'client port' is not required since 'original dest' is not going to be used.

-- 
Paul Slinski

> Note to self: Do not respond to mailing lists before first cup of
> coffee.
>
> Sorry for the misinformation.
>
> /etc/shorewall/rules
> ACCEPT loc:10.30.10.30 fw all -

it's not working. shorewall not recognize the all value.

> That looks correct. Since 'protocol' is all then 'dest port' needs to
> be - and 'client port' is not required since 'original dest' is not
> going to be used.

Best Regards
Liew Toh Seng

On Wed, 2004-04-21 at 08:49, Liew Toh Seng wrote:
> > /etc/shorewall/rules
> > ACCEPT loc:10.30.10.30 fw all -
>
> it's not working. shorewall not recognize the all value.

FWIW, I just put that rule into my configuration and shorewall had no complaints. Please post the output of your "shorewall start" so we can see what/how it is complaining.

it's working already, i think may be my statements is not correct

On Apr 21, 2004, at 08:59 AM, Ed Greshko wrote:
>>> ACCEPT loc:10.30.10.30 fw all -

Best Regards
Liew Toh Seng

Liew Toh Seng wrote:
>> Note to self: Do not respond to mailing lists before first cup of
>> coffee.
>>
>> Sorry for the misinformation.
>>
>> /etc/shorewall/rules
>> ACCEPT loc:10.30.10.30 fw all -
>
> it's not working. shorewall not recognize the all value.

I give up -- the language barrier is just too high (as is my blood pressure)

-Tom

Tom Eastep wrote:
> Liew Toh Seng wrote:
>
>>> Note to self: Do not respond to mailing lists before first cup of
>>> coffee.
>>>
>>> Sorry for the misinformation.
>>>
>>> /etc/shorewall/rules
>>> ACCEPT loc:10.30.10.30 fw all -
>>
>> it's not working. shorewall not recognize the all value.
>
> I give up -- the language barrier is just too high (as is my blood
> pressure)

Ok -- let me try one more time.

Any value that Shorewall doesn't recognize just gets passed to iptables and iptables DOES recognize 'all':

    gateway:~# iptables -N foo
    gateway:~# iptables -A foo -p all -j ACCEPT
    gateway:~#

So:

a) What rule "exactly" have you entered?
b) What do you see when you try "shorewall start"?
c) What version of Shorewall are you running (type "shorewall version")?

-Tom
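
Added example (not part of the original thread, and not Shorewall's own code): a small Python check for /etc/shorewall/rules lines that encodes only the three points made in the replies above. The function names and the column labels, taken from the wording used in the thread, are assumptions of this sketch, and the sample rules are the two lines quoted in the thread.

```python
# Added example, not Shorewall code. Column labels follow the thread's wording.
COLUMNS = ("action", "source", "dest", "protocol",
           "dest_port", "client_port", "original_dest")

# Sample input: the rule from the question and the rule from the replies.
SAMPLE_RULES = """\
ACCEPT loc:10.30.10.30 fw tcp any any
ACCEPT loc:10.30.10.30 fw all -
"""

def check_rule(line):
    """Return review findings for one rules-file line (empty list: nothing to flag)."""
    text = line.split("#", 1)[0].strip()      # drop comments and whitespace
    if not text:
        return []
    rule = dict(zip(COLUMNS, text.split()))
    findings = []
    # Point 1: the replies never use "any" in a port column; "-" is the placeholder.
    for col in ("dest_port", "client_port"):
        if rule.get(col, "-").lower() == "any":
            findings.append(f"{col}: 'any' used; the thread uses '-' for an unused port column")
    if rule.get("protocol", "").lower() == "all":
        # Point 2: with protocol 'all' the dest port column needs to be '-'.
        if rule.get("dest_port", "-") != "-":
            findings.append("dest_port: must be '-' when protocol is 'all'")
        # Point 3: such a rule allows ALL traffic from the source to the firewall.
        if rule.get("action") == "ACCEPT" and rule.get("dest") == "fw":
            findings.append(f"review: allows ALL traffic from {rule['source']} to the firewall")
    return findings

def check_rules(text):
    """Map each flagged rule line to its findings."""
    return {l: f for l in text.splitlines() if (f := check_rule(l))}

if __name__ == "__main__":
    for rule, findings in check_rules(SAMPLE_RULES).items():
        print(rule)
        for finding in findings:
            print("   ", finding)
```

The third finding is a review prompt rather than an error: the rule is valid, but it opens every protocol and port on the firewall to that one host.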