Jan Johansson
2002-Jan-31 09:53 UTC
[Shorewall-users] Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ssh - 212.247.15.77"?
Why do I get

Processing /etc/shorewall/rules...
Rule "ACCEPT local fw tcp ssh" added.
Rule "ACCEPT net fw tcp auth" added.
Rule "ACCEPT fw net udp ntp" added.
Rule "ACCEPT fw net tcp www,domain,ssh,ftp,https,smtp" added.
Rule "ACCEPT fw net udp domain" added.
Rule "ACCEPT net fw tcp www,ftp,https" added.
Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ssh - 212.247.15.77"
Rule "ACCEPT net fw tcp ssh - 212.247.15.77" added.
Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ftp - 212.247.15.77"
Rule "ACCEPT net fw tcp ftp - 212.247.15.77" added.
Warning: ADDRESS (212.138.140.191) ignored in rule "ACCEPT net fw tcp ssh - 212.138.140.191"
Rule "ACCEPT net fw tcp ssh - 212.138.140.191" added.
Warning: ADDRESS (194.236.50.95) ignored in rule "ACCEPT net fw tcp ssh - 194.236.50.95"
Rule "ACCEPT net fw tcp ssh - 194.236.50.95" added.

From the rules

#SSH from Vikings GW in Askim.
ACCEPT net fw tcp ssh - 212.247.15.77
#
#FTP from Vikings GW in Askim
ACCEPT net fw tcp ftp - 212.247.15.77
#
#J2 ssh
ACCEPT net fw tcp ssh - 212.138.140.191
#
#JonasP SSH
ACCEPT net fw tcp ssh - 194.236.50.95

Running the latest .deb (support:~/shorewall# cat /etc/shorewall/version 1.2.2)
Paul Gear
2002-Jan-31 12:31 UTC
[Shorewall-users] Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ssh - 212.247.15.77"?
Jan Johansson wrote:
> Why do i get
>
> Processing /etc/shorewall/rules...
> ...
> Rule "ACCEPT net fw tcp www,ftp,https" added.
> Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ssh - 212.247.15.77"
> Rule "ACCEPT net fw tcp ssh - 212.247.15.77" added.
> Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ftp - 212.247.15.77"
> Rule "ACCEPT net fw tcp ftp - 212.247.15.77" added.
> Warning: ADDRESS (212.138.140.191) ignored in rule "ACCEPT net fw tcp ssh - 212.138.140.191"
> Rule "ACCEPT net fw tcp ssh - 212.138.140.191" added.
> Warning: ADDRESS (194.236.50.95) ignored in rule "ACCEPT net fw tcp ssh - 194.236.50.95"
> Rule "ACCEPT net fw tcp ssh - 194.236.50.95" added.

This is because shorewall has already created the rule for the zone and still found data on the line. I think your syntax is wrong. Which are you trying to do - allow ssh from selected clients, or port forward ssh to selected servers?

If you want to allow ssh from 212.247.15.77 to the firewall, you need to say:

ACCEPT net:212.247.15.77 fw tcp ssh

or if you want to forward ssh connections from the 'Net to 212.247.15.77, you need to say:

ACCEPT net loc:212.247.15.77 tcp ssh - all

as per the comments in the rules file.

Paul
http://paulgear.webhop.net
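
Added example (not part of the thread and not Shorewall's own code): a small checker that finds rules lines of the kind that triggered the warning and prints the source-qualified form suggested in the reply above. It assumes the seven-column order seen in the quoted rules, with ADDRESS last, and that the intent is to restrict by source host; the function names are hypothetical.

```python
import ipaddress

# Column order assumed from the rules quoted in the thread (ADDRESS is last).
COLUMNS = ("action", "client", "server", "proto", "port", "cport", "address")

# Constructed sample, built from rule lines quoted in the thread.
SAMPLE = """\
ACCEPT net fw tcp www,ftp,https
#SSH from Vikings GW
ACCEPT net fw tcp ssh - 212.247.15.77
ACCEPT net:194.236.50.95 fw tcp ssh
ACCEPT net fw tcp ssh - 212.138.140.191   # J2 ssh
"""


def parse_rule(line):
    """Split one rules line into named columns; None for blank/comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    fields += ["-"] * (len(COLUMNS) - len(fields))  # pad omitted columns
    return dict(zip(COLUMNS, fields))


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def lint(text):
    """Return (line number, source-qualified rewrite) for each rule that puts a
    host IP in ADDRESS while CLIENT and SERVER are bare zone names."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or not is_ip(rule["address"]):
            continue
        if ":" in rule["client"] or ":" in rule["server"]:
            continue  # already host-qualified: needs a human decision
        fixed = "{action} {client}:{address} {server} {proto} {port}".format(**rule)
        findings.append((lineno, fixed))
    return findings


if __name__ == "__main__":
    for lineno, fixed in lint(SAMPLE):
        print(f"line {lineno}: ADDRESS column would be ignored; try: {fixed}")
```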
Jan Johansson
2002-Jan-31 12:49 UTC
[Shorewall-users] Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ssh - 212.247.15.77"?
> If you want to allow ssh from 212.247.15.77 to the firewall, you need to say:
> ACCEPT net:212.247.15.77 fw tcp ssh

Yep.

> or if you want to forward ssh connections from the 'Net to 212.247.15.77, you need to say:
> ACCEPT net loc:212.247.15.77 tcp ssh - all
> as per the comments in the rules file.

In the words of Homer J Simpson *DOH*

Thanks.
Jan Johansson
2002-Jan-31 12:55 UTC
[Shorewall-users] Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ssh - 212.247.15.77"?
> ACCEPT net:212.247.15.77 fw tcp ssh

Hmm, I might have *DOH*'d too early, doing that blocks 212.247.15.77 from accessing SSH on the FW, the connection just hangs.

Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
Rule "ACCEPT local fw tcp ssh" added.
Rule "ACCEPT net fw tcp auth" added.
Rule "ACCEPT fw net udp ntp" added.
Rule "ACCEPT fw net tcp www,domain,ssh,ftp,https,smtp" added.
Rule "ACCEPT fw net udp domain" added.
Rule "ACCEPT net fw tcp www,ftp,https" added.
Rule "ACCEPT net:212.247.15.77 fw tcp ftp" added.
Rule "ACCEPT net:212.247.15.77 fw tcp ssh" added.
Rule "ACCEPT net:212.181.140.140 fw tcp ssh" added.
Rule "ACCEPT net:194.236.50.95 fw tcp ssh" added.
Adding rules for DHCP
Setting up ICMP Echo handling...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net.
Policy DROP for net to fw.
Policy ACCEPT for local to fw.
Policy ACCEPT for local to net.
Masqueraded Subnets and Hosts:
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Activating Rules...
Shorewall Restarted
support:~/shorewall#

But the client just hangs.