On Wed, 10 Apr 2002, Richard Kimber wrote:
> On Tue, 9 Apr 2002 17:20:47 -0700 (Pacific Daylight Time)
> Tom Eastep <teastep@shorewall.net> wrote:
>
> > Version 1.0 of the Quick Start Guide and accompanying sample
> > configurations is available at:
> >
> > http://www.shorewall.net/shorewall_quickstart_guide.htm.
> >
> > Comments and suggestions are most welcome.
>
> Impressively quickly done.
>
> I have a few idiot questions that arise:
>
> I wasn't clear about the zones in a standalone system.  The document
> implies that you just have "net", but shouldn't there be a zone for the
> machine too, i.e. for 127.0.0.1?

That's the 'fw' zone that is described in the Guide.

> I thought there ought to be a rule that
> permits everything that doesn't go outside the machine, otherwise you may
> not be able to print, which I can't with the default setup, (using CUPS).
>
Shorewall NEVER restricts traffic through 127.0.0.1. If you have problems
with printing, there is something else involved.

> Also, I assume my CM is outside the fw and is thus part of the net zone,
> but I wasn't clear how to define a rule that allowed me to get my browser
> to connect to its IP (192.168.100.1) to read the status info, given the
> norfc1918 option.

If you have that requirement then you can't use 'norfc1918'.

> I tried
> ACCEPT   net:192.168.100.1  fw tcp 80
> but that didn't work
>
Er -- your browser is in the firewall which is connecting to the CM,
right? So your rule is backward.

> FYI one tiny typo in ZONE line of interfaces: "Much match" "Must match" ?
>
Thanks.
-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net