Ing. Jorge E. Boardman C.
2003-Jul-08 11:15 UTC
[Shorewall-users] Can anybody help me on this?
Hi there:

I have this configuration:

|-----[Server 2]
|
[Internet]--------[Router]----------[Switch]------------ [Server 1]
|
|-----[PC1]
|
|-----[PC2]
|
|-----[PC3]

Server 1 has IP 216.251.XXX.XX1
Server 2 has IP 216.251.XXX.XX2
PC1 has IP 216.251.XXX.XX3
PC2 has IP 192.168.XXX.1
PC3 has IP 192.168.XXX.2

How do I configure shorewall in SERVER 2 to block to/from the Internet Port 22 (ssh), but do not block port 22 from PC1 and PC2 and PC3 ???

Currently I have shorewall configured like "quick-guide one interface example", with some open ports in rules script and some blacklists.

Thks for your help.

Best Regards

Jorge
Ing. Jorge E. Boardman C.
2003-Jul-08 11:19 UTC
[Shorewall-users] Can anybody help me on this?
The diagram didn't show as I planned:

The Servers and the PC's are connected to [switch]
On Tue, 2003-07-08 at 11:15, Ing. Jorge E. Boardman C. wrote:
> Hi there:
>
> I have this configuration:
>
> |-----[Server 2]
> |
> [Internet]--------[Router]----------[Switch]------------ [Server 1]
> |
> |-----[PC1]
> |
> |-----[PC2]
> |
> |-----[PC3]
>
> Server 1 has IP 216.251.XXX.XX1
> Server 2 has IP 216.251.XXX.XX2
> PC1 has IP 216.251.XXX.XX3
> PC2 has IP 192.168.XXX.1
> PC3 has IP 192.168.XXX.2
>
> How do I configure shorewall in SERVER 2 to block to/from the Internet Port
> 22 (ssh), but do not block port 22 from PC1 and PC2 and PC3 ???

Your ASCII art is hopeless when folded by your mailer but it looks like you want:

    ACCEPT net:216.251.XXX.XX1,192.168.XXX.1,192.168.XXX.2 fw tcp 22

-Tom

PS -- It's really silly to hide your IP addresses when the real addresses are right there in your SMTP headers :-)
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
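
Added example, not part of the original thread and not Tom's or the Shorewall project's own text: an /etc/shorewall/rules fragment for Server 2 that covers both directions the question asks about ("to/from"), using the masked addresses the question gives for PC1, PC2 and PC3. It assumes the one-interface layout named in the question, where every other host (LAN or Internet) is in zone net and the firewall itself is fw; the masked addresses must be replaced with real ones.

```conf
# /etc/shorewall/rules on Server 2 (added example; addresses are the masked
# values from the question and are placeholders, not usable as written).
# Rules are evaluated top to bottom and the first match wins, so each
# ACCEPT for the trusted hosts must come before the broader DROP/REJECT.
# Remove any existing "ACCEPT net fw tcp 22" line, or it will still admit
# ssh from everywhere.

#ACTION  SOURCE                                           DEST                                             PROTO  DEST PORT(S)

# Inbound ssh: allow only PC1, PC2 and PC3 ...
ACCEPT   net:216.251.XXX.XX3,192.168.XXX.1,192.168.XXX.2  fw                                               tcp    22
# ... and drop it from every other host explicitly, rather than relying
# on the net->fw policy.
DROP     net                                              fw                                               tcp    22

# Outbound ssh: allow Server 2 to reach only the same three hosts ...
ACCEPT   fw                                               net:216.251.XXX.XX3,192.168.XXX.1,192.168.XXX.2  tcp    22
# ... and refuse it to everything else. This rule is needed because an
# "fw net ACCEPT" policy (assumed here, as in a permissive outbound
# setup) would otherwise let outbound ssh through.
REJECT   fw                                               net                                              tcp    22
```

After editing, run `shorewall check` and then `shorewall restart`. If the net interface in /etc/shorewall/interfaces carries the norfc1918 option, check that the 192.168 sources are not being dropped before these rules are consulted.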