Hi All,
(please reply directly as I'm not on the mailing list)
I'm trying to set up a firewall for the below config but I'm not sure
what set of rules or even how to go about it.
Internal Subnet setup on Lab network with Sun Microsystems
==========================================================
Firewall machine with Fedora and Webmin/Shorewall installed
----------------------------------------------------------
eth1
----
IP address: 129.156.221.X (connected to lab network)

eth0
----
IP address: 10.0.0.X (connected to sub network)

Switch connected to two test machines via subnet

Test Machine1
IP address: 10.0.0.X

Test machine2
IP address: 10.0.0.X

(The above are all "pingable" at the moment)
I also need to set a boot/install/Image server on the subnet so I can
put s/w on the test machines.
What I want is rules that will allow the following.
- Allow me access to put images from my install server on my lab
network to the install server on my subnet, but not the other way around
(i.e. outbound only)
- Allow access, if possible, to certain internal webpages, or I'll have
to mirror those pages on the install server
- Allow inbound email access to send test reports and receive instructions.
The info you're looking for is below:
[root@tux root]# shorewall status
Shorewall-2.0.3 Status at tux - Fri Aug 6 14:20:31 EDT 2004
Chain INPUT (policy ACCEPT 642 packets, 56501 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 624 packets, 47080 bytes)
pkts bytes target prot opt in out source
destination
===========================================================
[root@tux root]# shorewall show
Shorewall-2.0.3 Chain at tux - Fri Aug 6 14:21:04 EDT 2004
Chain INPUT (policy ACCEPT 686 packets, 60988 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 665 packets, 50492 bytes)
pkts bytes target prot opt in out source
destination
[root@tux root]#
=============================================================
[root@tux root]# shorewall version
2.0.3
[root@tux root]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
5: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:ac:38:a5:dd brd ff:ff:ff:ff:ff:ff
inet 10.0.0.10/24 brd 10.0.0.255 scope global eth0
inet6 fe80::204:acff:fe38:a5dd/64 scope link
valid_lft forever preferred_lft forever
6: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:18:d2:00:d8 brd ff:ff:ff:ff:ff:ff
inet 129.156.221.152/24 brd 129.156.221.255 scope global eth1
inet6 fe80::2e0:18ff:fed2:d8/64 scope link
valid_lft forever preferred_lft forever
=============================================================
[root@tux root]# ip route show
10.0.0.0/24 dev eth0 scope link
129.156.221.0/24 dev eth1 scope link
169.254.0.0/16 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 129.156.221.101 dev eth1
Thanks in advance,
Dermot
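One way to express the three flows asked for above in Shorewall 2.0 configuration files, added here as an example and not part of the original post or of the Shorewall project. The interface and address assignments (eth1 = 129.156.221.0/24, eth0 = 10.0.0.0/24, firewall at 129.156.221.152) come from the post; the addresses in angle brackets are placeholders for hosts the post does not name, and the protocols (ssh/rsync for the image push, HTTP/HTTPS for the web pages, SMTP for mail) are assumptions.

```conf
# /etc/shorewall/zones   (Shorewall 2.0 format: ZONE DISPLAY COMMENTS)
#ZONE   DISPLAY   COMMENTS
lab     Lab       Sun lab network, 129.156.221.0/24 (eth1)
sub     Subnet    Test subnet, 10.0.0.0/24 (eth0)

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
lab     eth1        detect
sub     eth0        detect

# /etc/shorewall/policy -- default-deny in both directions, logged, so
# anything not listed in rules shows up in the log instead of passing
#SOURCE   DEST   POLICY   LOG LEVEL
fw        all    ACCEPT
lab       sub    DROP     info
sub       lab    DROP     info
all       all    REJECT   info

# /etc/shorewall/masq -- subnet hosts appear as 129.156.221.152 on the lab
# side, so lab hosts need no route to 10.0.0.0/24 for the reply traffic.
# Rule 1 below is lab -> sub, which masq does not cover: the lab install
# server (or the lab router at 129.156.221.101) needs a route for
# 10.0.0.0/24 via 129.156.221.152.
#INTERFACE   SUBNET
eth1         10.0.0.0/24

# /etc/shorewall/rules -- only the requested flows, pinned to hosts where possible.
# <angle-bracket> addresses are placeholders; protocols are assumed (see lead-in).
#ACTION   SOURCE                       DEST                      PROTO   DEST PORT(S)
# 1. image push: lab install server -> subnet install server, never the reverse
ACCEPT    lab:<lab-install-ip>         sub:<sub-install-ip>      tcp     22
# 2. web: subnet hosts may reach the named internal web server(s) only
ACCEPT    sub                          lab:<internal-web-ip>     tcp     80,443
# 3. mail: lab relay delivers to the subnet mail host; that host sends reports back
ACCEPT    lab:<lab-mail-relay-ip>      sub:<sub-mail-ip>         tcp     25
ACCEPT    sub:<sub-mail-ip>            lab:<lab-mail-relay-ip>   tcp     25
# administration of the firewall itself from one lab workstation
ACCEPT    lab:<admin-workstation-ip>   fw                        tcp     22
```

The chain dump in the post contains no Shorewall chains, so Shorewall has not been started yet; after editing these files run `shorewall check` and then `shorewall start`, and confirm with `shorewall show` that the lab2sub and sub2lab chains now exist.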