Sean Rima wrote:
>
> I am new to shorewall, and I have put it onto my small
> network. Basically this is just two PCs linked via an Ethernet.
>
> I am trying to convert from another script to Shorewall but I am
> getting lost because my firewall machine is active, ie has users who
> log into it, locally. The network is like this because I lost my hub
> yesterday.
>
> What do I have to enable to allow fw/loc and fw/net to talk to each
> other, without having to check each port?
>
I really advise against opening fw<->net -- You should open only what is
absolutely necessary on that boundary. For fw<->loc, just add ACCEPT
policies to /etc/shorewall/policy:

    fw loc ACCEPT
    loc fw ACCEPT

Be sure that you add them above any wild-card policies (those using all)
that refer to either fw or loc.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
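The ordering rule in Tom's reply (specific fw/loc ACCEPT lines before any wild-card policy that would match the same traffic) can be checked mechanically. The script below is an added example written for this thread, not Shorewall's own tooling; it assumes the zone names used here (fw or $FW, loc) and the SOURCE DEST POLICY column layout of /etc/shorewall/policy, and the two sample files are constructed.

```shell
#!/bin/sh
# Added check, not part of Shorewall: confirm that the fw<->loc ACCEPT
# policies in a Shorewall policy file come before any wild-card ("all")
# policy that would otherwise match the same traffic.  Assumes zone names
# fw (or $FW) and loc, and SOURCE DEST POLICY [...] columns with # comments.

# check_policy_order FILE -> exit 0 when both fw->loc and loc->fw ACCEPT
# lines exist and neither is shadowed by an earlier wild-card policy.
check_policy_order() {
    awk '
        function covers(s, d, zs, zd) {      # does policy (s,d) match zs->zd?
            return (s == "all" || s == zs) && (d == "all" || d == zd)
        }
        NF == 0 || $1 ~ /^#/ { next }        # skip blank and comment lines
        {
            n++; src = $1; dst = $2; pol = $3
            if (src == "$FW") src = "fw"
            if (dst == "$FW") dst = "fw"
            wild = (src == "all" || dst == "all")
            if (!wild && src == "fw" && dst == "loc" && pol == "ACCEPT" && !fl) fl = n
            if (!wild && src == "loc" && dst == "fw" && pol == "ACCEPT" && !lf) lf = n
            if (wild && !wfl && covers(src, dst, "fw", "loc")) wfl = n
            if (wild && !wlf && covers(src, dst, "loc", "fw")) wlf = n
        }
        END {
            rc = 0
            if (!fl) { print "missing: fw loc ACCEPT"; rc = 1 }
            else if (wfl && wfl < fl) { print "fw loc ACCEPT shadowed by wild-card entry " wfl; rc = 1 }
            if (!lf) { print "missing: loc fw ACCEPT"; rc = 1 }
            else if (wlf && wlf < lf) { print "loc fw ACCEPT shadowed by wild-card entry " wlf; rc = 1 }
            exit rc
        }' "$1"
}

# Constructed sample: specific policies first, wild-cards last (correct).
good=$(mktemp)
cat > "$good" <<'EOF'
# SOURCE   DEST   POLICY   LOG LEVEL
fw         loc    ACCEPT
loc        fw     ACCEPT
loc        net    ACCEPT
net        all    DROP     info
all        all    REJECT   info
EOF

# Constructed sample: the wild-card REJECT comes first and shadows both.
bad=$(mktemp)
cat > "$bad" <<'EOF'
all        all    REJECT   info
fw         loc    ACCEPT
loc        fw     ACCEPT
EOF
```

Run `check_policy_order /etc/shorewall/policy` after editing; a non-zero exit with a "shadowed" message means the ACCEPT lines sit below a wild-card policy and will never be reached.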