Hej,
I have had a problem for a while with my firewall.
I have to shut it down if I want the clients to connect to the server.
I have 2 cards
eth0 loc
eth1 net
Here is the cut of /etc/shorewall/interfaces:
net eth1 detect
loc eth0 detect

I can go to the net because of a proxy (squid), but samba, nfs or ftp can't
reach the server.
If I am shutting it down, it is working.

What do I have to do?

Thank you
Jean Christophe

Jean Christophe wrote:
> Hej,
> I have had a problem for a while with my firewall.
> I have to shut it down if I want the clients to connect to the server.
> I have 2 cards
> eth0 loc
> eth1 net
> Here is the cut of /etc/shorewall/interfaces:
> net eth1 detect
> loc eth0 detect
>
> I can go to the net because of a proxy (squid), but samba, nfs or ftp can't
> reach the server.
> If I am shutting it down, it is working.
>
> What do I have to do?

I believe that you should start by reading these two articles:

http://www.shorewall.net/Introduction.html
http://www.shorewall.net/two-interfaces.htm

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> I believe that you should start by reading these two articles:
>
> http://www.shorewall.net/Introduction.html
> http://www.shorewall.net/two-interfaces.htm

Sorry -- the correct URL is http://www.shorewall.net/two-interface.htm.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Jean Christophe wrote:
>> Hej,
>> I have had a problem for a while with my firewall.
>> I have to shut it down if I want the clients to connect to the server.
>> I have 2 cards
>> eth0 loc
>> eth1 net
>> Here is the cut of /etc/shorewall/interfaces:
>> net eth1 detect
>> loc eth0 detect
>>
>> I can go to the net because of a proxy (squid), but samba, nfs or ftp can't
>> reach the server.
>> If I am shutting it down, it is working.
>>
>> What do I have to do?
>
> I believe that you should start by reading these two articles:
>
> http://www.shorewall.net/Introduction.html
> http://www.shorewall.net/two-interfaces.htm

policy:
loc net ACCEPT
fw loc ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info

rules:
REDIRECT loc 3128 tcp www -
ACCEPT fw net tcp www

It was the first part, and I think it's looking good, but I am not sure.
That's why I wrote to the mailing list!
Thanks for your help, I'll come back tomorrow and tell you if it is
good or not.

Jean Christophe

Jean Christophe wrote:
> Tom Eastep wrote:
>> Jean Christophe wrote:
>>> Hej,
>>> I have had a problem for a while with my firewall.
>>> I have to shut it down if I want the clients to connect to the server.
>>> I have 2 cards
>>> eth0 loc
>>> eth1 net
>>> Here is the cut of /etc/shorewall/interfaces:
>>> net eth1 detect
>>> loc eth0 detect
>>>
>>> I can go to the net because of a proxy (squid), but samba, nfs or ftp can't
>>> reach the server.
>>> If I am shutting it down, it is working.
>>>
>>> What do I have to do?
>>
>> I believe that you should start by reading these two articles:
>>
>> http://www.shorewall.net/Introduction.html
>> http://www.shorewall.net/two-interfaces.htm
>
> policy:
> loc net ACCEPT
> fw loc ACCEPT
> fw net ACCEPT
> net all DROP info
> all all REJECT info
>
> rules:
> REDIRECT loc 3128 tcp www -

The above rule is redundant given your third policy above.

> ACCEPT fw net tcp www
>
> It was the first part, and I think it's looking good, but I am not sure.
> That's why I wrote to the mailing list!
> Thanks for your help, I'll come back tomorrow and tell you if it is
> good or not.

Please follow the instructions -- you will also need an entry in
/etc/shorewall/masq to have any loc->net access (assuming that your
local network uses private IP addresses).

For what it's worth, if you configure "Internet Connection Sharing"
using the Mandrake configuration GUI, it will do all of this for you.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

I have this error in shorewall and I need to restart the shorewall any
time....

Can anyone help me to solve this question?

My log appears to be about the dhcpclient, but port 67 is allowed....

On Wednesday 10 August 2005 12:14 pm, Marcelo Leão Caffaro wrote:
> I have this error in shorewall and I need to restart the shorewall any
> time....
>
> Can anyone help me to solve this question?
>
> My log appears to be about the dhcpclient, but port 67 is allowed....

What is your MTU? Have you tried setting it smaller?

--
John Andersen - NORCOM
http://www.norcomsoftware.com/

Tom Eastep wrote:
> Jean Christophe wrote:
>> Tom Eastep wrote:
>>> Jean Christophe wrote:
>>>> Hej,
>>>> I have had a problem for a while with my firewall.
>>>> I have to shut it down if I want the clients to connect to the server.
>>>> I have 2 cards
>>>> eth0 loc
>>>> eth1 net
>>>> Here is the cut of /etc/shorewall/interfaces:
>>>> net eth1 detect
>>>> loc eth0 detect
>>>>
>>>> I can go to the net because of a proxy (squid), but samba, nfs or ftp can't
>>>> reach the server.
>>>> If I am shutting it down, it is working.
>>>>
>>>> What do I have to do?
>>>
>>> I believe that you should start by reading these two articles:
>>>
>>> http://www.shorewall.net/Introduction.html
>>> http://www.shorewall.net/two-interfaces.htm
>>
>> policy:
>> loc net ACCEPT
>> fw loc ACCEPT
>> fw net ACCEPT
>> net all DROP info
>> all all REJECT info
>>
>> rules:
>> REDIRECT loc 3128 tcp www -
>
> The above rule is redundant given your third policy above.
>
>> ACCEPT fw net tcp www
>>
>> It was the first part, and I think it's looking good, but I am not sure.
>> That's why I wrote to the mailing list!
>> Thanks for your help, I'll come back tomorrow and tell you if it is
>> good or not.
>
> Please follow the instructions -- you will also need an entry in
> /etc/shorewall/masq to have any loc->net access (assuming that your
> local network uses private IP addresses).
>
> For what it's worth, if you configure "Internet Connection Sharing"
> using the Mandrake configuration GUI, it will do all of this for you.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

I tried a lot of things a lot of times, and at the end I decided to
install 10.2 (LE2005). I had maybe (surely!) made some changes
somewhere because now it is running perfectly, and I have just used the
graphical tools (like a "windows").

Thanks for your help and the work you are doing.

Sincerely
Jean Christophe