--On Saturday, December 14, 2002 02:15:33 PM +0000 Will Lehman
<haldrik@optonline.net> wrote:
> Hello:
> I've searched the docs and faq, but I can't find an answer to this
> problem. I'm running shorewall on a linux Mandrake 9.0 box (my main
> computer) that's connected to a cable modem (eth1) and a win2k box (eth0
> through crossover cable). The original shorewall setup was done
> automatically by Mandrake to allow internet sharing. The problem is that
> the firewall rejects a lot of stuff between my linux box and the win2k
> box (ideally, I'd like free traffic between the two).
> I can see in the interfaces file that eth0 is set to "masq" and eth1 is
> "net". However, my linux box isn't defined as loc or masq, or anything
> else that I can see. Here is what a rejected packet from the win box to
> the linux box looks like:
>
> Dec 14 14:00:48 Homer kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> MAC=00:04:5a:76:f1:22:00:04:5a:6a:a4:6c:08:00 SRC=192.168.1.253
> DST=192.168.1.1 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=63140 PROTO=UDP
> SPT=137 DPT=32787 LEN=70
> (Notice OUT="nothing")
>
> How can I get shorewall to allow all connections between the linux box
> and win box (is this a security risk?) without opening up to the outside
> internet world?
Will,
The Mandrake 9.0 GUI does a very strange job of configuring Shorewall when
you have it configure Internet Connection Sharing.
I suggest that you take a look at http://shorewall.sf.net/two-interface.htm
-- If you follow the instructions there, you will get rid of the bizarre
three-zone setup that Mandrake has done for you and you will end up with a
two-zone configuration that is much more understandable. Once you have gone
through the above document and followed its step by step instructions, the
answer to your other question should be obvious -- if it isn't then feel
free to post again.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
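An added example, not part of the thread: a small parser for Shorewall log lines like the one quoted above. It reads the chain and action Shorewall prefixes (here `all2all:REJECT`) and uses the interface fields to tell where the packet was headed relative to the firewall host: an empty `OUT=` means the packet was addressed to the Linux box itself rather than forwarded, which is why the firewall-zone policy applies to it. The second log line and the 198.51.100.7 address are constructed for contrast.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the rejected packet from the post above, plus one
# constructed forwarded packet (eth0 -> eth1) so both paths are covered.
SAMPLE_LOG = """\
Dec 14 14:00:48 Homer kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC=00:04:5a:76:f1:22:00:04:5a:6a:a4:6c:08:00 SRC=192.168.1.253 DST=192.168.1.1 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=63140 PROTO=UDP SPT=137 DPT=32787 LEN=70
Dec 14 14:01:02 Homer kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth1 SRC=192.168.1.253 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=63141 PROTO=TCP SPT=1045 DPT=80
"""

# Shorewall prefixes its netfilter log messages with "Shorewall:<chain>:<action>:"
LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)")


@dataclass
class Event:
    chain: str
    action: str
    in_if: str
    out_if: str
    src: str
    dst: str
    proto: str
    sport: Optional[int]
    dport: Optional[int]

    @property
    def path(self) -> str:
        """Where the packet was going relative to the firewall host."""
        if self.in_if and not self.out_if:
            return "to-firewall"   # INPUT: destined for the Linux box itself
        if self.in_if and self.out_if:
            return "forwarded"     # FORWARD: routed between two interfaces
        return "from-firewall"     # OUTPUT: originated by the firewall host


def parse_line(line: str) -> Optional[Event]:
    """Parse one syslog line; return None if it is not a Shorewall log entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for tok in m.group("rest").split():
        key, _, val = tok.partition("=")
        fields.setdefault(key, val)  # keep the first LEN= (IP total length)

    def port(key: str) -> Optional[int]:
        return int(fields[key]) if key in fields else None

    return Event(m.group("chain"), m.group("action"), fields.get("IN", ""),
                 fields.get("OUT", ""), fields.get("SRC", ""), fields.get("DST", ""),
                 fields.get("PROTO", ""), port("SPT"), port("DPT"))


def summarize(log: str) -> List[Tuple[str, str, str, str, Optional[int]]]:
    """One (chain, action, path, proto, dport) tuple per Shorewall line."""
    return [(e.chain, e.action, e.path, e.proto, e.dport)
            for e in map(parse_line, log.splitlines()) if e]
```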