Hello,

I'm running Shorewall 4.2.6 with all patches. My policy is all traffic blocked, allowing just some services. I'm trying to set it up, but haven't had success getting it running okay. I've been searching, but don't see my mistake.

My configuration is:

eth0 - internal interface (192.168.0.5/24)
eth1 - internal interface (192.168.20.5/24)
eth2 - external interface (220.x.y.234/24) connected with ISP's modem
Internal DNS = 192.168.0.200

I use PPPoE connected with eth2, and my IP on ppp0 is 220.x.y.235 and my pppoe interface (ppp0) receives the same (fixed) IP address (220.x.y.233).

# /etc/shorewall/params
TLM=eth0
ADM=eth1
EXT=eth2
DNS=192.168.0.200

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
118.23.99.136   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
220.x.y.0       0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

My files:

# /etc/shorewall/zones
###############################################################################
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
tlm     ipv4
adm     ipv4

# /etc/shorewall/interfaces
###############################################################################
#ZONE   INTERFACE       BROADCAST       OPTIONS
tlm     $TLM            detect          routefilter,tcpflags,dhcp,routeback
adm     $ADM            detect          routefilter,tcpflags,dhcp,routeback
net     $EXT            detect          tcpflags,routefilter,blacklist,nosmurfs

# /etc/shorewall/masq
###############################################################################
#INTERFACE      SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
$EXT            $TLM
$EXT            $ADM

# /etc/shorewall/rules
####################################################################################################################################################
#ACTION         SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK    CONNLIMIT       TIME
#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
REDIRECT        adm             3128            tcp     80
REDIRECT        tlm             3128            tcp     80
ACCEPT          $FW             net             tcp     80,443
Ping/ACCEPT     adm             $FW
Ping/ACCEPT     tlm             $FW
Ping/ACCEPT     $FW             adm
Ping/ACCEPT     $FW             tlm
Ping/ACCEPT     adm             net
Ping/ACCEPT     $FW             net
DNS/ACCEPT      adm:$DNS        net
DNS/ACCEPT      $FW             net
DNS/ACCEPT      tlm             adm:$DNS

# /etc/shorewall/rfc1918
###############################################################################
#SUBNETS                TARGET
192.168.0.0/24          RETURN          # ADM Network
192.168.20.0/24         RETURN          # TLM Network
172.16.0.0/12           logdrop         # RFC 1918
192.168.0.0/16          logdrop         # RFC 1918
10.0.0.0/8              logdrop         # RFC 1918

What am I doing wrong? Can someone help me?

Best Regards,
Watanabe