Hello,
I'm not subscribed to your mailing list.
I'm installing Shorewall 2.04 on a Red Hat 8.0 (kernel 2.4.18-14) system
running on a PIII 800 MHz machine.
As you will understand if you are reading this, nothing works.
My provider gives me 6 public addresses, from 195.x.x.225 to 195.xx.xx.230, on a
DSL line.
The provider gives me a router with 5 Ethernet ports.
My machine has two interfaces: eth0 at 195.103.11.227 and eth1 connected to
my internal network; its IP will be 10.84.0.1.
I have a double DNS on the machine that resolves from inside to outside and
vice versa (works well).
I installed everything but (as usual) nothing works.
I have only one question:
at the head of the /etc/rules file it is written:
#
# WARNING: If you masquerade or use SNAT from a local system to the internet
# you cannot use a ACCEPT rule to allow traffic from the internet to
# that system. You "must" use a DNAT rule instead.
#
The assumption is fine, but could you please write the rule and policy needed
to permit an internal user to browse the internet with the latest fashionable
browser?
I have this configuration but nothing works, and also from the firewall
itself, when I start Shorewall, I can't resolve any other outside server with
DNS.
rules:

# Accept DNS connections from the firewall to the network
ACCEPT  fw   net  tcp   53
ACCEPT  fw   net  udp   53
# Accept SSH connections from the local network for administration
ACCEPT  loc  fw   tcp   22
# Allow Ping To And From Firewall
ACCEPT  loc  fw   icmp  8
ACCEPT  net  fw   icmp  8
ACCEPT  fw   loc  icmp
ACCEPT  fw   net  icmp
ACCEPT  loc  net  tcp   80
policy:

fw   net  ACCEPT  -
# THE FOLLOWING POLICY MUST BE LAST
loc  net  ACCEPT  -
net  all  DROP    -
all  all  REJECT  -
Angelo Feneri
netadmin@weidmuller.it