Shorewall users - Jul 2003 - Accessing Webmin

Hi

I would like to request some help in setting Shorewall up to allow 
connections from my LAN to specific ports on my Linux.  I am new to Linux 
and just starting to understand how it all works.  I am running Linux 
Mandrake 9.0 and Shorewall 1.3.7c.  I at one time had a connection to 
Webmin from my LAN and after a system upgrade it was lost, and I can no 
longer gain access to Webmin form my LAN.  I can access it from the Linux 
but prefere not to have to do this.  It was set up as a gateway, router and 
firewall only and never intended to be used as a workstation.  I do run a 
personal web server on it as well.  I have a 2 NIC interface eth0 is the 
INTERNET and eth1 is the LAN.

My Shorewall Policys are:

#SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
masq	net	ACCEPT
loc	net	ACCEPT
fw	net	ACCEPT
net	all	DROP	info
all	all	REJECT	info

My Rules are as follows:

#ACTION  SOURCE		DEST      	PROTO	DEST    SOURCE	   ORIGINAL
#                       	        	PORT    PORT(S)    DEST
ACCEPT	net	fw	udp	443	-
ACCEPT	net	fw	tcp	80,443,22	-
ACCEPT	masq	fw	udp	443	-
ACCEPT	masq	fw	tcp	80,443,22	-
ACCEPT	loc	fw	udp	443	-
ACCEPT	loc	fw	tcp	80,443,22	-
ACCEPT	masq	fw	tcp	domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp	-
ACCEPT	masq	fw	udp	domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp	-
ACCEPT	fw	masq	tcp	631,137,138,139	-
ACCEPT	fw	masq	udp	631,137,138,139	-

I need to be able to have port 10000 open so I can use Webmin from my LAN 
computers.

TIA
Tango -- Using M2, Opera''s revolutionary e-mail client: 
http://www.opera.com/m2/

On Wed, 2003-07-16 at 13:07, Tango wrote:
> Hi
> 
> I would like to request some help in setting Shorewall up to allow 
> connections from my LAN to specific ports on my Linux.  I am new to Linux 
> and just starting to understand how it all works.  I am running Linux 
> Mandrake 9.0 and Shorewall 1.3.7c.  I at one time had a connection to 
> Webmin from my LAN and after a system upgrade it was lost, and I can no 
> longer gain access to Webmin form my LAN.  I can access it from the Linux 
> but prefere not to have to do this.  It was set up as a gateway, router and
> firewall only and never intended to be used as a workstation.  I do run a 
> personal web server on it as well.  I have a 2 NIC interface eth0 is the 
> INTERNET and eth1 is the LAN.

You might consider reading through the two-interface QuickStart Guide
sometime (http://shorewall.net/two-interface.htm); it will give you a
good overview of basic Shorewall configuration. Just be sure that you
realize that Mandrake uses ''masq'' for the name of the local
zone whereas
the rest of the world (including my documentation) uses ''loc''.

The rule that you want is:

ACCEPT	masq	fw	tcp	10000

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net