Hi All, If this information is in the FAQ or elsewhere I apologize. I do not know enough information to even formulate a proper search. I have a two interface setup, I used the two interface ''Quick Start'' configuration v1.4.6c, and installed via RPM v1.4.6c. My OS is RH9 running kernel v2.4.20-6. The question is: 1: When configuring for services, where are they considered running. What I mean is if I want to open ssh(22) so that I can get to it from the inside is it? ACCEPT loc fw 22 22 ACCEPT loc loc 22 22 Basically are services considered to be running on fw or loc? Currently I can not ssh when the firewall is running. Thank you, Bryan Scott
Francesca C Smith
2003-Oct-08 15:41 UTC
[Shorewall-users] RE: Confused about interfaces/services
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 06:07 PM 10/8/2003, you wrote:>The question is: >1: When configuring for services, where are they considered running. >What I mean is if I want to open ssh(22) so that I can get to it from >the inside is it? >ACCEPT loc fw 22 22 >ACCEPT loc loc 22 22 >Basically are services considered to be running on fw or loc? > >Currently I can not ssh when the firewall is running.Duh Correct Rule is ACCEPT loc $FW tcp 22 Lady Linux "No Problems Only Solutions" Francesca C. Smith Lady Linux Internet Services fsmith@ladylinux.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBP4SRjW9MXAhl3ducEQIEkgCgtUniEGC4VC/PT1HMb3l4oM70i80An0Ka l/wuxHC3ZP4AVeLmX0qfeaAT =X/XD -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1> Hi All, > If this information is in the FAQ or elsewhere I apologize. I do not > know enough information to even formulate a proper search. > > I have a two interface setup, I used the two interface ''Quick Start'' > configuration v1.4.6c, and installed via RPM v1.4.6c. My OS is RH9 > running kernel v2.4.20-6. > > The question is: > 1: When configuring for services, where are they considered running. > What I mean is if I want to open ssh(22) so that I can get to it from > the inside is it? > ACCEPT loc fw 22 22 > ACCEPT loc loc 22 22 > Basically are services considered to be running on fw or loc?Basically it is quite easy What to do with it =09from where=09=09to where=09=09=09=09transport method=09=09service. ACCEPT/REJECT=09localnet=09=09firewall facing localnet=09=09tcp/udp=09=09=0922> > Currently I can not ssh when the firewall is running. > > Thank you, > Bryan Scott> _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: > http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm- -- A child of five would understand this. Send someone to fetch a child of five. Groucho Marx - ---------------------------------------------------- This mail has been scanned for virus by AntiVir for UNIX Copyright (C) 1994-2003 by H+BEDV Datentechnik GmbH. PGP ID: 589F8449 Fingerprint: EB1C FACF 6BEB 540E 8AC0 F04E 2A25 A2F1 589F 8449 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE/hJUrKiWi8VifhEkRAiBzAJ91wnjoJaxw5NGpsUTccJh5il88VACdF5gk 73Wik97WnZepEO9K/gTcCic=kYYX -----END PGP SIGNATURE-----
Bryan S. Scott
2003-Oct-08 16:37 UTC
[Shorewall-users] RE: Confused about interfaces/services
Thanks for all y''alls help! It works from the outside. and inside. yeah :-) -Bryan On Wed, 2003-10-08 at 17:37, Francesca C Smith wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > At 06:07 PM 10/8/2003, you wrote: > >The question is: > >1: When configuring for services, where are they considered running. > >What I mean is if I want to open ssh(22) so that I can get to it from > >the inside is it? > >ACCEPT loc fw 22 22 > >ACCEPT loc loc 22 22 > >Basically are services considered to be running on fw or loc? > > > >Currently I can not ssh when the firewall is running. > > > Duh > > Correct Rule is > > ACCEPT loc $FW tcp 22 > > Lady Linux > > > "No Problems Only Solutions" > Francesca C. Smith > Lady Linux Internet Services > fsmith@ladylinux.com > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> > > iQA/AwUBP4SRjW9MXAhl3ducEQIEkgCgtUniEGC4VC/PT1HMb3l4oM70i80An0Ka > l/wuxHC3ZP4AVeLmX0qfeaAT > =X/XD > -----END PGP SIGNATURE----- > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm-- Bryan S. Scott <bscott@strategal.net> Strategal, L.L.C.