> > >No -- but you can add rules specifically for that IP address to
allow
>it
> > >any
> > >access that you want to give it. To give the IP complete access in
and
>out,
> > >you can add these at the top of /etc/shorewall/rules:
> > >
> > >ACCEPT loc:200.x.x.195 all all
> > >ACCEPT all loc:200.x.x.195 all
> > >
> > >-Tom
> >
> > ok Mr Tom , that rule was added
> > but I scan with NMAP and it shows this to :
> > /*
> > [root@totalweb root]# nmap 200.x.x.194
> > Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-03
14:12
>COT
> > Note: Host seems down. If it is really up, but blocking our ping
probes,
>try
> > -P0Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.061
>seconds
> > [root@totalweb root]#
> > */
> > the computer that has the IP 200.x.x.194, sails correctly and
apparently
>all
> > this good, and I scan I did it from another computer in Internet
> > that I could be badly configured?
>
>I don''t understand --
>
>a) The rules I gave you were for IP address 200.x.x.195
>b) You claim that nmap doesn''t work; yet
>c) You say that the IP 200.x.x.194 "sails correctly"
>
>We are loosing something in the translation...
I have 2 ip 200.x.x.194 and 200.x.x.195
the network card of " net " has the IP 200.x.x.195, eth0
the network card of " loc " has the IP 192.168.0.1 eth2
the network card of " dmz " has the IP 172.16.0.1 eth1
/etc/shorewall/proxyarp , configured in this form:
200.x.x.194 eth2 eth0 no
/etc/shorewall/rules, , configured in this form:
ACCEPT loc:200.x.x.194 all all
ACCEPT all loc:200.x.x.194 all
and a computer in the LOC configured with the IP 200.x.x.194 sails
correctly,
the question is, so that when I scan with NMAP the IP 200.x.x.194 does not
show the ports to me opened in this computer ?
thanks
_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/