Hi, I am trying something so easy but it doesn't work for me. I want to have more than one zone in my LAN; for example, my LAN is 192.168.0.0/24 and I want to have one zone for servers, another for admin PCs, etc.

Here is my conf:

Interfaces:
--------------
#ZONE   INTERFACE   BROADCAST   OPTIONS
-       eth3        detect
net     eth1        detect      norfc1918
net     eth0        detect      norfc1918
net     eth2        detect      norfc1918
vpn     tun0        detect

hosts:
---------
#ZONE   HOST(S)                   OPTIONS
tec     eth3:$TECNICA
p2p     eth3:$MUSICA1,$MUSICA2
loc     eth3:192.168.0.0/24

params:
------------
MUSICA1=192.168.0.21
MUSICA2=192.168.0.22
SMTP_SERVERS=192.168.0.11,192.168.0.15
TECNICA=192.168.0.219

zones:
---------
#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
fw      firewall
net     ipv4
loc     ipv4
p2p     ipv4
vpn     ipv4
tec     ipv4

part of rules file:
-----------------------
ACCEPT  tec     net     tcp     smtp,pop3,3306

When I try to connect to my SQL server this happens:

Nov 7 16:20:17 fw3 kernel: Shorewall:all2all:REJECT:IN=eth3 OUT=eth0 SRC192.168.0.219 DST=*public IP* LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=35586 DF PROTO=TCP SPT=5783 DPT=3306

What is wrong?

Thanks

Nico Pagliaro wrote:

> What is wrong?

man shorewall-nesting

-Tom
--
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \ -Herbert Spencer
http://shorewall.net \________________________________________________

GREAT! Really, thanks, I didn't know that name!! NOW WORKS!!

This was my change:

#ZONE     TYPE        OPTIONS     IN          OUT
#                                 OPTIONS     OPTIONS
fw        firewall
net       ipv4
loc       ipv4
p2p:loc   ipv4
vpn       ipv4
tec:loc   ipv4

On Fri, Nov 7, 2008 at 5:46 PM, Tom Eastep <teastep@shorewall.net> wrote:

> Nico Pagliaro wrote:
>
> > What is wrong?
>
> man shorewall-nesting
>
> -Tom
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
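
An added example, not part of the original thread and not Shorewall's own code: a simplified Python model of zone matching on eth3, using the hosts and zones entries posted above, showing why 192.168.0.219 was treated as loc before the change and as tec after it. It assumes zones are matched in declaration order and that a zone declared as child:parent is matched ahead of its parent; the function names are hypothetical.

```python
import ipaddress

# Constructed from the thread's hosts and params files (eth3 entries only).
HOSTS = {
    "tec": ["192.168.0.219"],
    "p2p": ["192.168.0.21", "192.168.0.22"],
    "loc": ["192.168.0.0/24"],
}
ZONES_BEFORE = ["fw", "net", "loc", "p2p", "vpn", "tec"]
ZONES_AFTER = ["fw", "net", "loc", "p2p:loc", "vpn", "tec:loc"]


def evaluation_order(zone_entries):
    """Match order (assumed model): declaration order, except that a zone
    declared as child:parent is moved ahead of its parent zone(s)."""
    order = []
    for entry in zone_entries:
        name, _, parents = entry.partition(":")
        parent_list = [p for p in parents.split(",") if p]
        for parent in parent_list:
            if parent not in order:
                raise ValueError(f"{parent} must be declared before {name}")
        if parent_list:
            order.insert(min(order.index(p) for p in parent_list), name)
        else:
            order.append(name)
    return order


def classify(src, zone_entries, hosts=HOSTS):
    """Return the first zone in match order whose hosts contain src."""
    addr = ipaddress.ip_address(src)
    for zone in evaluation_order(zone_entries):
        if any(addr in ipaddress.ip_network(n) for n in hosts.get(zone, [])):
            return zone
    return None


def shadowed_zones(zone_entries, hosts=HOSTS):
    """Zones whose every host entry is covered by an earlier-matched zone,
    so rules written for them can never apply."""
    seen, shadowed = [], []
    for zone in evaluation_order(zone_entries):
        nets = [ipaddress.ip_network(n) for n in hosts.get(zone, [])]
        if nets and all(any(n.subnet_of(s) for s in seen) for n in nets):
            shadowed.append(zone)
        seen.extend(nets)
    return shadowed


if __name__ == "__main__":
    for label, zones in (("before", ZONES_BEFORE), ("after", ZONES_AFTER)):
        print(label, classify("192.168.0.219", zones), shadowed_zones(zones))
```

In this thread the shadowed zone failed closed (the REJECT in the log), but the same ordering mistake also hides a sub-zone's stricter rules behind the parent's policy, so a shadowing check is worth running whenever host zones overlap.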