Dear Support,

I've installed shorewall 1.4.5 on Redhat 7.3. My server has 2 Ethernet cards (eth0, eth1). eth0 is for the WAN and connects directly to the ADSL router. The ADSL router does the NAT. The ADSL has a fixed IP "A" and DMZ to 192.168.0.1 (eth0). (192.168.0.3) eth1 is connected to a hub for the local LAN. My local LAN goes through eth1 and then out eth0 for internet access.

I want to release ports 21 and 25 from the WAN to my server. Other ports I need to reject.

I set "loc" and "net" in the "zone" file.

And the policy is set:

    loc   net   ACCEPT
    net   loc   DROP
    all   all   REJECT

The rules file is set:

    ACCEPT   net   loc   tcp   21
    ACCEPT   net   loc   tcp   25

After all the configuration I tested, and telnet to 21 and 25 is rejected.

Then I changed the policy setting to:

    all   all   ACCEPT

Now I can telnet 21 and 25, but others can also connect (for example 110).

What should I do?

Thank you for your help asap.

Best Regards

Mr Chung Yip
Chung wrote:

> Dear Support,
>
> I've installed shorewall 1.4.5 on Redhat 7.3. My server has 2 Ethernet cards (eth0, eth1). eth0 is for the WAN and connects directly to the ADSL router. The ADSL router does the NAT. The ADSL has a fixed IP "A" and DMZ to 192.168.0.1 (eth0). (192.168.0.3) eth1 is connected to a hub for the local LAN. My local LAN goes through eth1 and then out eth0 for internet access.
>
> I want to release ports 21 and 25 from the WAN to my server. Other ports I need to reject.
>
> I set "loc" and "net" in the "zone" file.
>
> And the policy is set:
>
>     loc   net   ACCEPT
>     net   loc   DROP
>     all   all   REJECT
>
> The rules file is set:
>
>     ACCEPT   net   loc   tcp   21
>     ACCEPT   net   loc   tcp   25
>
> After all the configuration I tested, and telnet to 21 and 25 is rejected.
>
> Then I changed the policy setting to:
>
>     all   all   ACCEPT

Doesn't the order of entries in the policy file matter? Looks like the problem you have.

HTH
Simon

> Now I can telnet 21 and 25, but others can also connect (for example 110).
>
> What should I do?
>
> Thank you for your help asap.
>
> Best Regards
>
> Mr Chung Yip
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
You should use $FW, not loc:

    ACCEPT   net   $FW   tcp   21
    ACCEPT   net   $FW   tcp   25

But it is a little bit confusing because you use the same subnet for net and loc. Better to change eth0 to another subnet. Or use the Linux box to connect to your ADSL directly.

Chung wrote:

> I want to release ports 21 and 25 from the WAN to my server. Other ports I need to reject.
>
> I set "loc" and "net" in the "zone" file.
>
> And the policy is set:
>
>     loc   net   ACCEPT
>     net   loc   DROP
>     all   all   REJECT
>
> The rules file is set:
>
>     ACCEPT   net   loc   tcp   21
>     ACCEPT   net   loc   tcp   25
>
> After all the configuration I tested, and telnet to 21 and 25 is rejected.
>
> Then I changed the policy setting to:
>
>     all   all   ACCEPT
>
> Now I can telnet 21 and 25, but others can also connect (for example 110).
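The two replies above make separate points: Simon's, that the policy file is read top to bottom so an "all all ACCEPT" line placed first shadows everything below it, and the second, that a connection to the server's own address is net -> $FW, not net -> loc, so rules written against "loc" never match it. The following is an added illustration, not Shorewall's code and not something from this thread: a toy model of the lookup order (rules first, then the first matching policy line, "all" matching any zone) that replays Chung's three configurations. The "OPEN_POLICY" ordering and the extra "net $FW DROP" policy line in the fixed variant are my assumptions, added to show the effect.

```python
# Added illustration (not Shorewall's own code): a toy model of the
# order in which Shorewall 1.4 consults /etc/shorewall/rules and
# /etc/shorewall/policy for a new connection. Assumed behaviour:
#   1. a matching line in the rules file wins over the policy file;
#   2. the policy file is searched top to bottom, first match wins,
#      and the zone name "all" matches any zone;
#   3. traffic addressed to the firewall box itself is in zone $FW,
#      not in the "loc" zone behind eth1.

FW = "$FW"  # Shorewall's name for the firewall host itself


def zone_matches(pattern, zone):
    """'all' in a policy/rule line matches every zone; anything else must be equal."""
    return pattern == "all" or pattern == zone


def decide(policy, rules, src, dst, proto, port):
    """Verdict for a new connection from zone `src` to zone `dst`.

    policy: ordered list of (src, dst, action) as in the policy file
    rules:  list of (action, src, dst, proto, port) as in the rules file
    """
    for action, r_src, r_dst, r_proto, r_port in rules:
        if (zone_matches(r_src, src) and zone_matches(r_dst, dst)
                and r_proto == proto and r_port == port):
            return action
    for p_src, p_dst, action in policy:
        if zone_matches(p_src, src) and zone_matches(p_dst, dst):
            return action
    raise ValueError(f"no policy covers {src} -> {dst}")


# Chung's configuration as posted: the rules name "loc" as destination,
# but a connection to the server's own eth0 address is net -> $FW.
ORIGINAL_POLICY = [("loc", "net", "ACCEPT"),
                   ("net", "loc", "DROP"),
                   ("all", "all", "REJECT")]
ORIGINAL_RULES = [("ACCEPT", "net", "loc", "tcp", 21),
                  ("ACCEPT", "net", "loc", "tcp", 25)]

# Simon's point: "all all ACCEPT" placed above the other policy lines
# shadows everything after it (constructed ordering, my assumption).
OPEN_POLICY = [("all", "all", "ACCEPT")] + ORIGINAL_POLICY

# The $FW fix from the third reply, plus an explicit net -> $FW DROP
# policy line (my addition) so that only the listed ports get through.
FIXED_POLICY = [("loc", "net", "ACCEPT"),
                ("net", FW, "DROP"),
                ("all", "all", "REJECT")]
FIXED_RULES = [("ACCEPT", "net", FW, "tcp", 21),
               ("ACCEPT", "net", FW, "tcp", 25)]


def from_internet(policy, rules, port):
    """Verdict for an inbound TCP connection from the WAN to the firewall itself."""
    return decide(policy, rules, "net", FW, "tcp", port)


if __name__ == "__main__":
    variants = [("original", ORIGINAL_POLICY, ORIGINAL_RULES),
                ("all all ACCEPT first", OPEN_POLICY, ORIGINAL_RULES),
                ("$FW rules", FIXED_POLICY, FIXED_RULES)]
    for label, pol, rul in variants:
        verdicts = {p: from_internet(pol, rul, p) for p in (21, 25, 110)}
        print(f"{label:22s} {verdicts}")
```

Running it reproduces the thread: with the original files every inbound port, 21 and 25 included, falls through to "all all REJECT" because no rule or policy line names $FW as destination; with "all all ACCEPT" at the top every port is accepted, which is the open port 110 Chung observed; with the rules rewritten against $FW, 21 and 25 are accepted and 110 hits the "net $FW DROP" line. Note that in all three variants a connection from the LAN to the firewall (loc -> $FW) also ends at "all all REJECT", so if hosts behind eth1 need the server's own services, a "loc $FW ACCEPT" policy line or matching rules are needed as well.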