one1500@hotma..... .. wrote:
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

Please post in plain text -- it appears that HTML->text conversion failed on your message.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

one1500@hotma..... .. wrote:
> Hi, I'm running Shorewall 1.4.10d with the two-interface-sample and
> everything works great for me. My question is: sometimes, to test
> something, I want my LAN to have access to the internet when I run
> "shorewall clear". How do I configure Shorewall for that?
> Thanks for a great tool!
> Sincerely,
> Michael
> I'm not subscribed to the list

I was able to find your original post and I pasted the text above.

The "shorewall clear" command does what it says -- it removes all Shorewall rules/routes/devices etc. In the "clear" state, you won't be able to access the internet unless you manually add the appropriate MASQUERADE/SNAT rule to allow such access. You can place that command in the /etc/shorewall/clear file (you will have to create that file). Without knowing more about your setup, I can't tell you the details of the command but it will usually have the general form:

    iptables -t nat -A POSTROUTING -s <your internal net> -o <your external if> -j MASQUERADE

-Tom

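A filled-in version of the general form above, written as a fragment for /etc/shorewall/clear. This is an added example, not code from the thread or from Shorewall. The subnet 192.168.1.0/24, the interface eth0, the APPLY switch and the function names are assumptions; it prints the command unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Both defaults are assumptions.
INTERNAL_NET="${INTERNAL_NET:-192.168.1.0/24}"   # assumed LAN subnet
EXTERNAL_IF="${EXTERNAL_IF:-eth0}"               # assumed internet-facing interface

# Succeeds only for a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the rule specification for the general form quoted above,
# or returns 1 when either value would produce a malformed command.
masq_rule() {
    valid_cidr "$1" || return 1
    case $2 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#2}" -le 15 ] || return 1      # Linux interface names hold at most 15 characters
    echo "POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

if spec=$(masq_rule "$INTERNAL_NET" "$EXTERNAL_IF"); then
    if [ "${APPLY:-0}" = 1 ]; then
        # -C tests for an identical rule first, so the rule is never added twice.
        iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec
    else
        echo "would run: iptables -t nat -A $spec"
    fi
else
    echo "not adding NAT rule: check INTERNAL_NET and EXTERNAL_IF" >&2
fi
```
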
one1500@hotma..... .. wrote:
> Tom, I had to edit install.sh to make shorewall-2.0.1 work on Slackware.
> I changed the path from /etc/init to /etc/rc.d; also I had to add the
> command shorewall start to /etc/rc.d/rc.local for boot startup. Both
> issues I didn't have with shorewall-1.4. You probably know this, but I
> wanted to tell you because I don't want Slack beginners to discard your
> software because it didn't work during installation.

I largely rewrote the installer for 2.0. Unfortunately, I no longer have access to a Slackware system for testing and development and I don't release code that I can't test (a significant part of the code in the old installer dealt with Slackware).

-Tom

Hello,

I'm totally down with my mind, so I must contact you. :-))) Shorewall is the best fw I ever met. But I have one problem... I'm sure it is very simple, but I don't know how to finish it by myself :-(((

I have my HTTPS server on PC 192.168.1.7 behind my fw. My fw PC has public IP 80.95.123.85; internal IP is .....1.100, and I need to DNAT to 192.168.1.7. Locally it is working fine, but not from outside :-(((((

Could you help me please?

THX A LOT

Regards,
Tomáš Mertha
Managing Director
TargetMedia s.r.o
Company for proper network administration
Bořanovická 41/1777
Praha 8
WWW: http://www.targetmedia.cz
E-mail: tomas@targetmedia.cz
T-Mobil: +420603 / 886 313
tel/fax: 284 686 056
GSM gateway: 605 297 060

Try to use this rule, assuming that the https server is in the local zone.

    DNAT net loc:192.168.1.7:443 TCP 443

Regards,
Jason

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Mertha
Sent: Monday, May 03, 2004 7:33 PM
To: shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] Question

Hello,

I'm totally down with my mind, so I must contact you. :-))) Shorewall is the best fw I ever met. But I have one problem... I'm sure it is very simple, but I don't know how to finish it by myself :-(((

I have my HTTPS server on PC 192.168.1.7 behind my fw. My fw PC has public IP 80.95.123.85; internal IP is .....1.100, and I need to DNAT to 192.168.1.7. Locally it is working fine, but not from outside :-(((((

Could you help me please?

THX A LOT

Regards,
Tomáš Mertha

I'm sorry, it should be

    DNAT net loc:192.168.1.7:443 tcp 443

Don't use CAPS for tcp.

Regards,
Jason

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Jason Png
Sent: Tuesday, May 04, 2004 12:49 AM
To: 'Mailing List for Shorewall Users'
Subject: RE: [Shorewall-users] Question

Try to use this rule, assuming that the https server is in the local zone.

    DNAT net loc:192.168.1.7:443 TCP 443

Regards,
Jason
