Henrik Flindt Hansen
2003-Jan-14 12:25 UTC
[Shorewall-users] Access to fw from only 1 specific IP on the internet
I'm a bit confused about the zones vs. rules regulatives.

Scenario:
I'm setting up a firewall for a friend with loc, net and dmz zones (and of course the firewall itself, fw).
I need to be able to remotely administrate it, either through ssh or a web interface, because of the physical distance.
Let's assume my public IP at home is 80.80.80.80.
Would it (if we focus on an ssh connection from my IP only, on the net zone) be sufficient with the following rule (assuming default zones and rules like in the manual):

    action   source            dest   proto   destport
    DNAT     net:80.80.80.80   fw     ssh     22

Hope you can answer this, as I would like to set up only this part onsite and then make the rest from back home :)

Best regards
Henrik Flindt Hansen
www.linuxplanet.dk
Tom Eastep
2003-Jan-14 14:10 UTC
[Shorewall-users] Access to fw from only 1 specific IP on the internet
--On Tuesday, January 14, 2003 09:24:59 PM +0100 Henrik Flindt Hansen <hfh@linuxplanet.dk> wrote:

> I'm a bit confused about the zones vs. rules regulatives.
>
> Scenario:
> I'm setting up a firewall for a friend with loc, net and dmz zones (and
> of course the firewall itself, fw).
> I need to be able to remotely administrate it, either through ssh or a
> web interface, because of the physical distance.
> Let's assume my public IP at home is 80.80.80.80.
> Would it (if we focus on an ssh connection from my IP only, on the net zone)
> be sufficient with the following rule (assuming default zones and rules
> like in the manual):
>
>     action   source            dest   proto   destport
>     DNAT     net:80.80.80.80   fw     ssh     22
>

You want

    ACCEPT   net:80.80.80.80   fw   ssh   22

AND in /etc/shorewall/routestopped, you want:

    <your net if>   80.80.80.80

-Tom
-- 
Tom Eastep      \ Shorewall - iptables made easy
Shoreline,       \ http://shorewall.sf.net
Washington USA    \ teastep@shorewall.net
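Tom's answer names two entries, and a remote administrator needs both: the ACCEPT line in /etc/shorewall/rules admits the admin host while the firewall is up, and the routestopped entry keeps that host reachable while Shorewall is stopped or restarting, which is exactly when a remote session would otherwise be cut off with no way back in. The script below is an added example, not code from this thread or from the Shorewall project: a pre-flight check to run on the firewall before restarting Shorewall from a remote session, confirming that both entries are present. It assumes the Shorewall 1.x column layouts (rules: ACTION SOURCE DEST PROTO DEST PORT(S); routestopped: INTERFACE HOST(S)), uses tcp/22 for the ssh rule, takes eth0 as the internet-facing interface (an assumption) and 80.80.80.80 from the thread, and embeds constructed sample files so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread or from Shorewall: a pre-flight
# check run on the firewall before restarting Shorewall from a remote session.
# It confirms that both entries Tom describes are present, so the admin host
# stays reachable on tcp/22 with the firewall running (rules) AND while it is
# stopped or restarting (routestopped).
#
# Assumed column layouts (Shorewall 1.x era):
#   /etc/shorewall/rules         ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
#   /etc/shorewall/routestopped  INTERFACE  HOST(S)
# The interface name eth0 is an assumption; 80.80.80.80 is the address from
# the thread.

ADMIN_IP="80.80.80.80"
NET_IF="eth0"

# Constructed sample files (inline so the script runs offline).
RULES_OK='# ACTION   SOURCE             DEST   PROTO   DEST PORT(S)
ACCEPT     net:80.80.80.80    fw     tcp     22
ACCEPT     loc                fw     tcp     22'

# The DNAT form from the question. DNAT is the port-forwarding action, so
# this check only accepts ACCEPT as admin access to fw itself.
RULES_DNAT='# ACTION   SOURCE             DEST   PROTO   DEST PORT(S)
DNAT       net:80.80.80.80    fw     tcp     22'

ROUTESTOPPED_OK='# INTERFACE   HOST(S)
eth0          80.80.80.80'

ROUTESTOPPED_MISSING='# INTERFACE   HOST(S)'

# has_admin_rule RULES_TEXT IP: succeeds if an uncommented ACCEPT line admits
# net:IP to fw on tcp port 22 (numeric or the service name ssh).
has_admin_rule() {
    printf '%s\n' "$1" | awk -v want="net:$2" '
        /^[[:space:]]*#/ || NF < 5 { next }
        $1 == "ACCEPT" && $2 == want && $3 == "fw" && $4 == "tcp" &&
            ($5 == "22" || $5 == "ssh") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# has_routestopped TEXT IFACE IP: succeeds if IP is listed for IFACE
# (the HOST(S) column is treated as a comma-separated list).
has_routestopped() {
    printf '%s\n' "$1" | awk -v ifc="$2" -v ip="$3" '
        /^[[:space:]]*#/ || NF < 2 { next }
        $1 == ifc {
            n = split($2, hosts, ",")
            for (i = 1; i <= n; i++) if (hosts[i] == ip) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# preflight RULES_TEXT ROUTESTOPPED_TEXT: reports each missing entry and
# returns 0 only when both are present.
preflight() {
    rc=0
    if has_admin_rule "$1" "$ADMIN_IP"; then
        printf 'ok: rules accept net:%s -> fw tcp/22\n' "$ADMIN_IP"
    else
        printf 'MISSING in rules: ACCEPT net:%s fw tcp 22\n' "$ADMIN_IP"
        rc=1
    fi
    if has_routestopped "$2" "$NET_IF" "$ADMIN_IP"; then
        printf 'ok: routestopped keeps %s reachable via %s while stopped\n' \
            "$ADMIN_IP" "$NET_IF"
    else
        printf 'MISSING in routestopped: %s %s\n' "$NET_IF" "$ADMIN_IP"
        rc=1
    fi
    return $rc
}

# Run against the samples; only the first combination passes.
preflight "$RULES_OK" "$ROUTESTOPPED_OK"      && printf 'PASS\n'
preflight "$RULES_OK" "$ROUTESTOPPED_MISSING" || printf 'FAIL (expected)\n'
preflight "$RULES_DNAT" "$ROUTESTOPPED_OK"    || printf 'FAIL (expected)\n'
```

On a real firewall, feed the check the live files with `preflight "$(cat /etc/shorewall/rules)" "$(cat /etc/shorewall/routestopped)"` and refuse to restart Shorewall unless it returns 0; a routestopped entry is cheap insurance against locking yourself out from 80.80.80.80 during the restart.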