Hello,

Can anybody tell me how do I enable high ports access from internet to the shorewall?

Thanks in advance,

Manuel Santos
Arundel Systems

Can you be more explicit about your requirement? I'm unclear about what you are asking.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

----- Original Message -----
From: "Manuel Pompeia Santos" <mpompeia@arundel.homelinux.org>
To: <shorewall-users@shorewall.net>
Sent: Monday, March 11, 2002 5:49 PM
Subject: [Shorewall-users] High Ports

> Hello,
>
> Can anybody tell me how do I enable high ports access from internet to the
> shorewall?
>
> Thanks in advance,
>
> Manuel Santos
> Arundel Systems

It's simple, I want to allow access for ex. from 213.22.89.13/8 to port 38057

Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:90:27:66:73:0f:00:02:fc:85:b0:54:08:00 SRC=213.22.84.220 DST=213.22.89.13 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=29432 DF PROTO=TCP SPT=4101 DPT=38057 WINDOW=16384 RES=0x00 SYN URGP=0

On Mon, 11 Mar 2002, Tom Eastep wrote:

> Can you be more explicit about your requirement? I'm unclear about what you
> are asking.
>
> -Tom

----- Original Message -----
From: "Manuel Pompeia Santos" <mpompeia@arundel.homelinux.org>
To: "Tom Eastep" <teastep@shorewall.net>
Cc: <shorewall-users@shorewall.net>
Sent: Monday, March 11, 2002 5:56 PM
Subject: Re: [Shorewall-users] High Ports

> It's simple, I want to allow access for ex. from 213.22.89.13/8 to port
> 38057

You want to allow access from 213.0.0.0/8? -- I shudder to ask why. You neglected to mention which protocol you want to give 16+ million systems access to so I'll assume tcp; if you wanted udp, the change is obvious:

In /etc/shorewall/rules:

    ACCEPT net:213.0.0.0/8 fw tcp 38057

-Tom

Well, it's an example...:)

But can I write 38000-39000, to be able to accept this range of ports connections?
If not, how can I do this?

On Mon, 11 Mar 2002, Tom Eastep wrote:

> You want to allow access from 213.0.0.0/8? -- I shudder to ask why. You
> neglected to mention which protocol you want to give 16+ million systems
> access to so I'll assume tcp; if you wanted udp, the change is obvious:
>
> In /etc/shorewall/rules:
>
> ACCEPT net:213.0.0.0/8 fw tcp 38057
>
> -Tom

The syntax is 38000:39000

-Tom

----- Original Message -----
From: "Manuel Pompeia Santos" <mpompeia@arundel.homelinux.org>
To: "Tom Eastep" <teastep@shorewall.net>
Cc: <shorewall-users@shorewall.net>
Sent: Monday, March 11, 2002 6:19 PM
Subject: Re: [Shorewall-users] High Ports

> Well, it's an example...:)
>
> But can I write 38000-39000, to be able to accept this range of ports
> connections?
> If not, how can I do this?

You need to use : there instead.

    ACCEPT net:213.0.0.0/8 fw tcp 38000:39000

Regards,
Markus

At 02:19 12.03.2002 +0000, Manuel Pompeia Santos wrote:

> Well, it's an example...:)
>
> But can I write 38000-39000, to be able to accept this range of ports
> connections?
> If not, how can I do this?

Thanks, it's now working.

Manuel Pompeia Santos said:

> Well, it's an example...:)
>
> But can I write 38000-39000, to be able to accept this range of ports
> connections?
> If not, how can I do this?

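Added example, not part of the original thread and not Shorewall's own code: it turns the DROP entry quoted above into the narrowest matching rules line, shows how many source addresses the /8 form admits instead, and normalises a dash range to the colon form. The function names are hypothetical; the zone names and column order are the ones used in the thread.

```python
import ipaddress
import re

# The DROP entry quoted in the thread, copied as posted.
LOG = ("Shorewall:net2all:DROP:IN=eth0 OUT= "
       "MAC=00:90:27:66:73:0f:00:02:fc:85:b0:54:08:00 SRC=213.22.84.220 "
       "DST=213.22.89.13 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=29432 DF "
       "PROTO=TCP SPT=4101 DPT=38057 WINDOW=16384 RES=0x00 SYN URGP=0")

def parse_drop(line):
    """Pull the fields needed for a rule out of a Shorewall log entry."""
    tag = re.search(r"Shorewall:([^:]+):(\w+):", line)
    if not tag:
        raise ValueError("not a Shorewall log entry")
    kv = dict(re.findall(r"(\w+)=(\S*)", line))
    return {"chain": tag.group(1), "verdict": tag.group(2), "src": kv["SRC"],
            "proto": kv["PROTO"].lower(), "dport": kv["DPT"]}

def source_scope(cidr):
    """Return (network the prefix denotes, number of addresses it admits)."""
    net = ipaddress.ip_network(cidr, strict=False)  # 213.22.89.13/8 -> 213.0.0.0/8
    text = str(net.network_address) if net.num_addresses == 1 else str(net)
    return text, net.num_addresses

def port_spec(spec):
    """Normalise a port or range; ranges are written low:high, not low-high."""
    m = re.fullmatch(r"(\d+)(?:[-:](\d+))?", spec.strip())
    if not m:
        raise ValueError(f"bad port spec: {spec!r}")
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 0 < low <= high <= 65535:
        raise ValueError(f"port out of range: {spec!r}")
    return str(low) if low == high else f"{low}:{high}"

def accept_rule(source, proto, ports, zone="net", dest="fw"):
    """Build a rules line in the column order used in the thread."""
    net, count = source_scope(source)
    return f"ACCEPT {zone}:{net} {dest} {proto} {port_spec(ports)}", count

if __name__ == "__main__":
    hit = parse_drop(LOG)
    for src in (hit["src"], "213.22.89.13/8"):  # logged host vs. the /8 asked for
        rule, count = accept_rule(src, hit["proto"], hit["dport"])
        print(f"{rule:45} # admits {count:,} source addresses")
    print(accept_rule("213.22.89.13/8", "tcp", "38000-39000")[0])
```
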
Manuel Pompeia Santos wrote:

> Thanks, it's now working.

Hi all,

Just a quick tip to any lurkers on the list: this is a fairly basic question that is answered well in the documentation. It pays to read it before asking a question here.

On the general topic of asking questions, I highly recommend reading Eric Raymond's "How To Ask Questions The Smart Way" at http://www.tuxedo.org/~esr/faqs/smart-questions.html.

Manuel, please don't take this as a personal criticism - it's a general comment. I say it because I'm concerned at the number of questions Tom has to answer that take him away from coding shorewall. :-)

Paul
http://paulgear.webhop.net

P.S. Tom - still haven't got to the MAC address filtering testing. You might have to try someone else if you want quick results.