Tom Eastep
2002-Aug-22 13:52 UTC
Fwd: Re: [Shorewall-users] two-interface, checked everything, STILL does not work!
On Wednesday 21 August 2002 09:02 pm, Leo Li wrote:

> My config as follows:
> -- zones --
> #ZONE   DISPLAY   COMMENTS
> net     Net       Internet
> loc     Local     Local networks
> -- interfaces --
> #ZONE   INTERFACE   BROADCAST   OPTIONS
> net     ppp0        -           dhcp,routefilter,norfc1918
> loc     eth0        detect      routestopped # i tried changing "detect" to
>                                              # 192.168.1.255 but doesn't work

Is eth0 really your local interface? So eth1 connects to your DSL/Cable/xxx modem?

> -- policy --
> #SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
> loc       net    ACCEPT
> fw        net    ACCEPT
> net       all    DROP     info
> all       all    REJECT   info
> -- masq --
> #INTERFACE   SUBNET           ADDRESS
> ppp0         192.168.1.0/24   # i tried changing ppp0 to eth1
>                               # but still doesn't work

In this comment, you mention eth1!!!

> -- rules --
> # FILTER RULES from INTERNET to firewall server
> ACCEPT net fw tcp 21,22,23,25,53,80,110,443,65500:65535
> # FILTER RULE from local net to firewall server
> ACCEPT loc fw tcp 20,21,22,23,25,80,110,137,139,443,65500:65535 # samba
> ACCEPT loc fw udp 137:139
> ACCEPT loc fw udp 1024: 137
> ACCEPT fw loc tcp 137,139
> ACCEPT fw loc udp 137:139
> ACCEPT fw loc udp 1024: 137
> # outgoing to dns
> ACCEPT fw net tcp 53
> ACCEPT fw net udp 53 # <---- enable fw to net port 53

I don't see anything else wrong

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net