Hi,
I'm running a Bering (rc3) firewall with 2 internal networks. I have 5
static IPs available on my DSL line. I'm keeping my main Windows 2000
computer directly connected to my DSL hub until I can get all my
firewall rules worked out (netmeeting <ugh> etc).
I have SSH working fine to my firewall as long as I'm connected from
either the internal network or the DMZ network. I want to set up a rule
to allow my main Windows 2000 box to SSH to my firewall.
Sample IPs for discussion's sake would be:
Windows 2000 pc: 1.1.1.18/29
Bering RC3 w/ Shorewall 1.3.6:
net zone eth0 = 1.1.1.22/29 <-- external interface
loc zone eth1 = 192.168.1.254/24 <-- to protected network
dmz zone eth2 = 192.168.2.254/24 <-- to DMZ
I tried adding a rule like:
ACCEPT net:1.1.1.18 fw tcp ssh
This passes the shorewall check scan, but when I do a shorewall restart
the configuration messages hang when it processes this rule.
If I use the rule:
ACCEPT net fw tcp ssh
I can connect fine, but so can the rest of the world.
Am I missing a step or did I get the rule wrong? Is it possible to
connect from my Windows 2000 pc since it's on the same subnet as my
Shorewall eth0?
Thanks for your help.
Michael