Shorewall Version = 1.3.14
Kernel = 2.4.21-0.13mdk
IP Info =
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:d0:b7:85:6f:cd brd ff:ff:ff:ff:ff:ff
inet 172.16.1.11/24 brd 172.16.1.255 scope global eth0
Route Info =
172.16.1.0/24 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 172.16.1.1 dev eth0
I am setting up a Mandrake machine with a single interface. This machine
sits behind a D-Link router/fw and has a local IP address. This machine
does not handle DHCP, DNS or any other service for another machine.
The goal of using Shorewall here is to simply protect connections coming in
and out for the machine.
The problem that I am having is dealing with zones. My simple network looks
like this:
                 Public Internet
                 |------------|
                 |   D-Link   |
                 |------------|
                       || 172.16.1.1
                       ||
                       /\
                      /  \
                     /    \
          172.16.1.11      172.16.1.5
      |----------------|  |--------------|
      |     MDK FW     |  |     WIN      |
      |----------------|  |--------------|
I have the eth0 interface on the Linux machine set to the loc zone. I can
set up rules and allow traffic. However, my first test rules were allowing
traffic from the loc zone to the fw zone. This worked without a problem. I
then created rules allowing traffic from the net zone to the mandrake
machine. As I watched the log, I saw that everything was being accepted
using my local zone rather than the net zone. I went on to test further and
removed all net rules, and an address from the net zone (any other IP than my
172.16.1.0/24 network) was still being accepted using the loc zone.
I tried to use the hosts file to set IPs that were in the loc zone; however,
this didn't work either.
My goal here is simple: allow all traffic to the mandrake machine from all
hosts on the same subnet, however, let me define rules for any other subnet
that tries to make a connection.
Thanks in advance for the support.
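As an added illustration, not part of the original post, here is a Shorewall 1.3 layout that matches the stated goal: eth0 carries the net zone in /etc/shorewall/interfaces, the local subnet is carved out as loc in /etc/shorewall/hosts, and loc is listed before net in /etc/shorewall/zones, because in this release the order of the zones file decides which zone a packet is assigned when it could match both. The script stages the files into a directory you pass in (an assumption, so nothing touches /etc/shorewall), and check_zone_order verifies the ordering before the files are copied into place.

```shell
#!/bin/sh
# Added example: stage a Shorewall 1.3 single-interface layout in which eth0
# belongs to net and the local subnet is nested inside it as loc.
# Writes into the staging directory given as $1, never into /etc/shorewall.
stage_shorewall_config() {
  dir="$1"
  mkdir -p "$dir"
  # zones: loc MUST precede net. The loc subnet is nested inside net, and
  # the first matching zone in this file wins when a packet could match both.
  cat > "$dir/zones" <<'EOF'
#ZONE   DISPLAY         COMMENTS
loc     Local           Hosts on 172.16.1.0/24
net     Net             Everything else reaching eth0
EOF
  # interfaces: the whole interface is net; loc is NOT assigned here
  # (assigning eth0 to loc here is what makes every source look local).
  cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            172.16.1.255
EOF
  # hosts: loc is only the local subnet as seen through eth0
  cat > "$dir/hosts" <<'EOF'
#ZONE   HOST(S)                 OPTIONS
loc     eth0:172.16.1.0/24
EOF
  # policy: local subnet fully allowed; any other subnet is logged and
  # dropped unless a specific entry in /etc/shorewall/rules admits it.
  cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG LEVEL
loc     fw      ACCEPT
fw      all     ACCEPT
net     fw      DROP    info
all     all     REJECT  info
EOF
}

# Returns 0 when loc is listed before net in the staged zones file
# (the nested zone has to come first), 1 otherwise. Comment lines are ignored.
check_zone_order() {
  awk '!/^#/ && $1=="loc"{l=NR} !/^#/ && $1=="net"{n=NR}
       END{exit !(l && n && l<n)}' "$1/zones"
}
```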